For many cybersecurity leaders and experts, the new year is just another reminder that bad actors have yet more tools and tactics to leverage against businesses than last year. Encouragingly, though, many are also recognizing and investing in the modern security strategies and solutions with which to challenge unavoidable attacks.
This month’s news featured insights from cybersecurity experts and thought leaders on topics including:
Why Zero Trust is essential to business growth
Cloud security gaps and how to solve them with Zero Trust Segmentation
Predictions from the godfather of Zero Trust on cybersecurity in the near year
“Geopolitics and its ongoing instability are the top cybersecurity drivers at a global level,” Columbus writes, summarizing the report’s findings. “A total of 70% of leaders say this factor influences their organization’s cybersecurity strategy.” The report also focused on issues including cyber inequity, the cyber skills shortage, and the impact of emerging technologies like generative AI (gen AI).
Columbus emphasizes the importance of a Zero Trust security strategy, particularly in the context of ongoing and increasing ransomware attacks and social engineering.
“Zero trust can [turn] trust into a business accelerator,” he explained. “Ultimately, cybersecurity is a business decision. In 2024, it’s going to be evaluated more than ever in terms of its risk reduction potential and ability to contribute to revenue growth.”
According to Columbus, microsegmentation, also called Zero Trust Segmentation, is foundational to any Zero Trust strategy. He quotes David Holmes, senior analyst at Forrester Research, from his webinar discussion with Illumio, The Time for Microsegmentation Is Now: “‘You won’t really be able to credibly tell people that you did a Zero Trust journey if you don’t do the microsegmentation,’” Holmes said.
Get a recap of Holmes’ webinar discussion with Illumio.
Ultimately, Columbus sees the WEF’s annual meeting theme of rebuilding trust as central to business security this year. “Trust is the catalyst of growth, and getting it right is key to any business growing in 2024.”
63 percent of organizations agree their cloud security is ill-prepared for the next cyberattack
An important and growing part of many organizations’ business operations is the cloud — and as cloud adoption increases, bad actors are increasingly taking advantage of cloud blind spots, outdated cloud architecture and vulnerabilities across the software supply chain.
Nandakumara calls out the paradigm shift caused by the cloud in the operational landscape, including its convenience, flexibility, and scalability. However, he also highlights the significant lag in cloud security, leading to a rise in cyberattacks. In fact, recent research by Vanson Bourne found that nearly half of all cyberattacks originated in the cloud in the last year.
Referencing Vanson Bourne’s research, Nandakumara called out common weaknesses in cloud security that include increased complexity, service sprawl, and minimal visibility. It's clear that traditional cloud security tools are falling short, leaving organizations more vulnerable than ever to evolving cyber threats. This is especially true as AI-generated attacks continue to evolve, making breaches and ransomware attacks more commonplace and easier than ever for threat actors.
"Without robust modern cloud security measures, organizations face the looming (and inevitable) threat of catastrophic cyberattacks,” wrote Nadakumara.
The good news? Nandakumara explained that there are signs IT and security leaders are starting to pay attention to cloud security challenges, with 63 percent acknowledging that their organization’s cloud security is ill-prepared for cyberattacks.
According to Nandakumara, many security leaders are turning to Zero Trust Segmentation (ZTS), for a dynamic, proactive approach to cloud security — in fact, 93 percent agree that ZTS is essential to their cloud security strategy. ZTS, based on the Zero Trust security strategy, focuses on least privilege and assumes intrusion, enabling organizations to visualize workload connectivity, implement granular security policies, and effectively contain attacks across various environments.
“I recommend conducting thorough security audits, implementing ZTS principles, investing in continuous monitoring, and educating all employees on cloud security best practices,” he concluded. “In an ever-evolving cyber threat landscape, staying ahead means continuously adapting and improving your security strategies to protect your cloud environments.”
Expect the threat landscape to evolve and widen in 2024
According to Kindervag, 2023 saw cyberattacks remain persistent and aggressive, with bad actors becoming more sophisticated by leveraging AI. This is especially true for the cloud, which cost organizations over $4 million in cloud-based breaches according to Vanson Bourne’s research.
In his article, Kindervag urges security leaders to remain vigilant in the face of an evolving and widening threat landscape - one that is expected to be more costly and impactful going into 2024: “Bad actors aren't slowing down anytime soon. In the new year, security professionals have to stay vigilant as the threat landscape evolves and widens, becoming more costly and impactful in the process.”
Key to breach preparedness is government involvement. Kindervag predicts a new generation of legislators entering global governments to produce legislation that is a better reflection of the current technology landscape. This will positively impact cybersecurity, encouraging public and private sector organizations alike to follow better security guidance.
But legislation won’t be enough — Kindervag noted that only 25 percent of business leaders think that their organization will be attacked. The reality is that everyone’s a target; breaches and ransomware attacks are inevitable in today’s threat landscape.
As more organizations modernize their cybersecurity thinking, Kindervag said he expects Zero Trust security to increase as a mainstay of cybersecurity best practice. “The phase of simply talking about Zero Trust has ended,” he wrote. “In 2024, we will see greater implementation, not just conceptual buy-in, of Zero Trust."
Overall, Kindervag expects 2024 to be another year of increasing cyberattacks across organizations of all industries, geographies, and sizes: “Cyber teams will be up against new and even more daunting challenges as the threat landscape continues to develop.”
Illumio’s Ruchika Chopra named top woman leader in SaaS
Ruchika Chopra, Vice President of Sales Operations at Illumio, was named one of the top 50 women leaders in SaaS for 2023 by The Software Report. See the full list.
Chopra has 22 years of experience, having begun her career in 2001. She is an experienced leader with a focus on driving operational efficiency and business process re-engineering.
Before joining Illumio, Chopra was a VP of Growth Operations and GTM Strategy at Celona. Before that, she served as a Senior Director of Business Operations and SW Transformation at Juniper Networks. Earlier in her career, she worked with Siebel Systems as a Senior Technical Support Engineer.
Chopra graduated from IMI with an MBA and from Hindu College, Delhi University with an undergraduate degree in economics.
A Call for Cyber Resilience and Zero Trust: Illumio Month in Review
The start of 2022 has brought into focus the heightened priority of Zero Trust security in today’s cyber landscape. Many organizations are facing further complexity in their networks as flexible work options evolve, and a volatile geopolitical landscape has led to an exponential rise in international ransomware attacks and breaches.