Cybersecurity ROI, Critical Infrastructure Zero Trust, and the New U.S. Implementation Plan

Amidst economic challenges and rapid digitalization, cybersecurity (and more specifically, resilience) remains a critical concern for organizations. Security experts are encouraging public and private sector leadership to modernize security initiatives, implement resilience strategies, and use Zero Trust principles as a guide to building more secure networks and infrastructure.  

This was the focus of Illumio news this month. Keep reading to uncover what Illumio experts had to say about:

  • Maximizing cybersecurity ROI in an economic downturn
  • Securing critical infrastructure with Zero Trust strategies
  • The new U.S. National Cybersecurity Strategy Implementation Plan  

Ensuring cybersecurity ROI during a recession

Economists’ predictions for a slowdown in the global economy in 2023 have proven true. As a result, many organizations are looking more closely at spending. This means cybersecurity teams are feeling pressure to prove the ROI of security investments. Raghu Nandakumara, Senior Director of Industry Solutions Marketing at Illumio, shared with Tech Radar Pro his thoughts on how to achieve ROI on your cybersecurity during a recession.  

Before investing in new security technology, Nandakumara says it’s crucial to have a clear plan, set a reasonable timeline, and understand a solution's desired outcomes to gauge ROI.  

“The biggest mistake organizations make is not having a concrete plan on what their desired outcomes are before they invest in new technology. Don't just assume that you will be better protected by buying new security technology,” he explained.

In addition to understanding objectives and risks, organizations should consider the broader impact of cybersecurity investments. Nandakumara lists factors to consider, including the availability of cheaper alternatives, the potential impact on IT infrastructure complexity, and whether the solution can address multiple challenges.  

“Introducing more complexity will likely mean a more difficult implementation and more time spent managing our IT infrastructure, which in turn could lead to an increase in operational overheads,” he said.  

He also recommends ensuring new technology will complement and easily integrate with new technologies.  

“For example, breach containment technology like Zero Trust Segmentation has been proven to work well with Endpoint Detection and Response technology to boost resilience against ransomware attacks – tests from Bishop Fox show they can work together to stop ransomware four times faster.”

Striking a balance between effectiveness and simplicity is essential to maximize ROI. By doing this work upfront, security teams will have more leverage for getting business buy-in, a critical part of successful implementation and achieving ROI.  

Learn how Illumio Zero Trust Segmentation delivers provable risk reduction and ROI.  

Above all, Nandakumara says cybersecurity investments must drive cyber resilience, especially during an economic downturn when bad actors are all the more eager to exploit vulnerable organizations.  

“Today, every pound spent needs to contribute measurably towards resilience and any investment must have an assured ability to uplift an organization's security posture,” he said.  

In these challenging times, strategic and efficient cybersecurity investments are key to safeguarding business continuity and success.

Why critical infrastructure needs Zero Trust security

With rapid digitization continuing worldwide, it’s more important than ever that critical infrastructure organizations have effective security measures in place to mitigate ever-increasing cyber risks. Trevor Dearing, Industry Solutions Marketing Director at Illumio, wrote for Dark Reading on how Zero Trust can ensure cyberattacks on critical infrastructure don’t impact operations.  

Read the full article: Zero Trust keeps digital attacks from entering the real world

Dearing explains that the public sector’s existing IT and OT connections pose significant risks – as the legacy systems many public sector operations run on were designed without cybersecurity in mind.  

“IT and OT are converging, moving away from separate worlds to become an integrated function,” Dearing said. “Security must converge as well to protect both of these environments.”

To mitigate these risks, critical infrastructure organizations must adopt an “assume breach” mindset, which acknowledges that breaches are inevitable, and emphasizes stopping bad actors and minimizing their impact.  

“The good news is that the majority of organizations recognize the need to harden their security postures,” explained Dearing. “According to a recent Gartner report, 81 percent are moving beyond cyber awareness and actively searching for vulnerabilities in their systems.”

Dearing highlights Zero Trust as a way for critical infrastructure organizations to reduce risk in today's hyperconnected environments. As a result of the Biden Administration's 2021 Executive Order on Improving the Nation’s Cybersecurity (which touted Zero Trust as a cyber resilience best practice), the principles of Zero Trust are becoming globally recognized and implemented, emphasizing the need for organizations to shift their mindset in favor of more proactive security policies.

“It's about shifting the mindset and changing people's approach to cybersecurity, not adopting a specific solution,” Dearing said. “It would be remiss for organizations not to foster this mindset, as they will be unable to plan accordingly in the case of an attack and the subsequent consequences.”

A federal CTO’s take on the new U.S. National Cybersecurity Strategy Implementation Plan

The White House has unveiled the National Cybersecurity Strategy Implementation Plan, aimed at enhancing the federal government’s software supply chain and promoting public-private collaboration. Gary Barlet, Federal Field CTO at Illumio, shared his thoughts on the plan with Rory Bathgate for IT Pro in the article, US says National Cybersecurity Strategy will focus on market resilience and private partnerships.

Looking for more perspectives? Top private sector cybersecurity experts weigh in, in MeriTalk’s article, Cyber Experts Look to National Cyber Plan Funding, Collaboration.

Bathgate details the particulars of the plan, which is structured around five pillars, encompassing more than 65 initiatives for enhancing federal, public, and private cybersecurity. These include defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces, investing in resilience, and forging international partnerships.

Tactically, the plan focuses on improving market resilience through a software liability framework and reducing gaps in software bills of materials for critical infrastructure. The plan also emphasizes private sector accountability, especially the importance of timely reporting of cyber incidents. Vendors providing deficient cybersecurity products or services will face stricter enforcement, and the government is considering a Federal Cyber Insurance Backstop to support the cyber insurance market during catastrophic incidents.

Overall, Barlet said he is encouraged by the plan: “The National Cybersecurity Strategy Implementation Plan (NCSIP) gives much-needed guidance for agencies on improving cyber resilience. It assigns timebound goals and initiatives to each agency – giving them direction on how to reach the strategy’s clear objectives.”

Barlet was particularly interested in the plan’s focus on cyber resilience, which he considers a key aspect of any cybersecurity plan - regardless of sector. Despite these highlights, he also noted a few important points missing from the plan, including direct funding and clearer accountability mechanisms.

These shortfalls don’t overshadow the impact of the plan from Barlet’s perspective. “If agencies can align their budgetary responsibilities and resources with these initiatives, then they will be well equipped to bolster their cyber resilience today and tomorrow.”

Read more about Barlet’s thoughts on the plan in his article, What You Need to Know About the New National Cybersecurity Strategy Implementation Plan.
