As more and more cyberattacks make headline news every day, organizations are under pressure to secure their networks. But increasingly, traditional security tools are not holding up against today's catastrophic attacks.
Security experts and leaders urge organizations to stop waiting for the perfect security plan to come together. They must take action now to protect against inevitable breaches.
Government agencies worldwide are warning that organizations, particularly those in critical infrastructure industries, need to be “shields up” in the face of ransomware and other attacks. This follows a significant shift in the last few years from ransomware attacks that gather data to those that cripple infrastructure, as in the Colonial Pipeline attack.
Today’s world is more interconnected and fast-paced than ever, and cyberattacks will inevitably break through traditional perimeter defenses.
Instead of taking a naive view that all cyber threats can be kept at bay, Rubin urged business leaders to update their expectations to a Zero Trust model which anticipates and plans for cyberattacks using microsegmentation. And instead of waiting for the perfect security plan to take shape, organizations need to act immediately.
“Every day we do nothing is another day we’re giving attackers a window,” Rubin says. “A good answer today is better than a perfect answer a year or two from now.”
Zero Trust is a journey, not a destination
In an interview with TechRadar, Illumio CTO and co-founder PJ Kirner warned against “analysis paralysis” when putting together a Zero Trust security plan. Many organizations are significantly behind when it comes to properly securing their environments. This is a result of ever-evolving operating models, increasingly dispersed data due to cloud migration, and remote work. To add more pressure, cyberattacks are no longer a question of if, but when.
Zero Trust Segmentation can combat these daunting issues, but many organizations take the wrong view when trying to implement a Zero Trust security strategy.
“Too often organizations view Zero Trust as an all or nothing approach,” Kirner says.
Instead, Kirner encourages organizations to understand Zero Trust as a journey rather than a destination. It doesn’t require one complete plan; it can be broken down into multiple, small steps that get tackled over time. This allows organizations to start securing their most business-critical vulnerabilities rather than waiting for a full plan before any security practices get implemented.
And, importantly, this viewpoint offers quick wins and demonstrable ROI for Zero Trust projects to help the initiatives succeed in the long run. Zero Trust Segmentation can, in turn, become a way of thinking about security rather than just another project to finish or product to purchase.
Multicloud and hybrid cloud environments require Zero Trust Segmentation
In his GCN article, “Ramping Up Cloud Security With Zero Trust Segmentation,” Mark Sincevich, federal director at Illumio, reminds us that the security conversation isn’t just about the on-premises environment anymore. After two years of remote work and the resulting growth of cloud adoption, organizations face a new challenge in protecting their cloud environments.
Worryingly, Sincevich notes a common misconception about managed cloud environments: Organizations assume that the cloud “automatically provides the benefits of microsegmentation.” This simply isn’t the case.
While cloud environments provide basic security controls, they don’t provide host-based microsegmentation. In many cases, the cloud “puts data and applications at greater risk, due to increased complexity and expanded opportunities for attackers to gain access to the environment,” Sincevich says.
The best and fastest way to secure these vulnerable cloud environments is to first gain visibility into network communications and vulnerabilities and then use that information to segment the environment. If your network gets breached, your security team can quickly detect and isolate the attack, preserving the rest of your digital infrastructure to keep your organization operational.
Cyberattack on UK retailer closes stores and halts deliveries
Another cyberattack, this time on UK discount retailer The Works, is unsurprising in today’s threat landscape, says Trevor Dearing, Illumio’s director of critical infrastructure solutions. In his interview with Computer Weekly, Dearing discusses how an unknown actor gained unauthorized access to The Works’ systems, causing the retailer to close a handful of its more than 500 stores and suspend in-store restocking and online deliveries.
The magnitude of the incident is still unfolding, according to Computer Weekly, as the retailer lacked both effective visibility into its network and the microsegmentation needed to quickly isolate the breach. The attack took weeks to discover, forced the organization to disable all internal and external access to systems, and prompted an ongoing forensic investigation into what the attack infected.
While Illumio’s Dearing praised The Works for “responding proactively and appropriately to the incident,” he notes that the damage has already been done: the attack significantly impacted The Works’ operations. The cyberattack also highlights an interesting choice by cybercriminals, according to Dearing. Instead of targeting a high-profile organization, they attacked a smaller, lesser-known one.
“Inconspicuous organizations like The Works will likely have smaller budgets dedicated to security when compared to larger organizations,” Dearing says, “and threat actors recognize that this allows them to breach systems more easily.”
The Works’ cyberattack shows not only that breaches can happen at any time but that they can affect organizations of any size – and may even target smaller organizations with less robust security.