Economic uncertainty continues to pull cybersecurity focus in opposing directions. Ransomware attacks continue steadily – but organizations’ security budgets are getting tighter, leaving business leaders wondering how they can maximize their security investments while remaining secure against the latest cyber threats.
This question was the focus of Illumio’s February news coverage. This article covers:
- How to improve security ROI in 2023
- Why traditional prevention and detection security methods aren’t enough to protect against today’s sophisticated attacks
- How endpoint segmentation helps to fend off ransomware
- What trends the federal sector can expect to see in the coming year
Economic uncertainty spurring the shift from prevention to breach containment strategies
Raghu Nandakumara, Head of Industry Solutions at Illumio, wrote How to Improve ROI From Your Cybersecurity Investments in 2023 for The European Business Review this month.
Within, Nandakumara highlights how breaches are still happening despite continuous breach prevention and detection efforts. In fact, 43% of businesses suffer unplanned downtime from cyberattacks each month, according to research by ESG.
It’s clear that traditional security methods aren’t working, as ransomware and other cyberattacks grow in sophistication. Instead of continuing down the path of unsuccessfully attempting to prevent all breaches from happening, Nandakumara sees organizations increasingly taking an “assume breach” approach that focuses on building cyber resilience through containment – with more effective and consistent business results.
This shift is also happening in the federal sector. Read more about what breach containment means for federal organizations in this article by Illumio federal CTO, Gary Barlet.
Nandakumara sees breach containment coming to fruition in 4 ways:
1. Cybersecurity oversight committees
Similar to committees already used in legal and risk management settings, new cybersecurity oversight committees will oversee and evaluate their organizations’ cyber risk management strategies and help demonstrate their security capabilities to customers, stakeholders, and regulators.
“Committees will be responsible for looking at cybersecurity objectively, establishing a set of baseline expectations to hold the business accountable, monitoring for oversights, and adding direction to ensure the cybersecurity strategy aligns with the business objectives,” explains Nandakumara.
Nandakumara sees cybersecurity oversight committees as key to organizations’ building trust and achieving security resilience.
2. More actionable cybersecurity data
Managing breaches can no longer be one-size-fits-all – business leaders will demand data on their organization’s security posture to inform effective decision-making, says Nandakumara.
Security teams will need to quantifiably model their organizations’ security posture and build a complete picture of their cyber risk.
“Whenever the board asks about cyber posture, teams can provide an accurate answer” with clear data, according to Nandakumara.
3. Resilience will be the most important metric of success
From a traditional prevention-first mindset, organizations often judge their business continuity plans based on their Recovery Time Objective (RTO) to their Recovery Point Objective (RPO). But in 2023, Nandakumara says that any downtime will be unacceptable.
Instead, cyber resilience will become an industry-recognized metric.
“Stringent testing and the development of industry-wide metrics to help benchmark against peers and understand what ‘success’ looks like will force organizations to think about their appetite for risk and establish an acceptable minimum level of maintainable security to avoid fines, profit loss, or loss of reputation,” explains Nandakumara.
4. Investment will go to breach survival rather than prevention
Budgets are getting tighter – it’s a fact. And that means money needs to go to security methods that consistently deliver a sizable return on investment.
Nandakumara sees business leaders putting investment in cyber resilience, rather than prevention, with solutions like Zero Trust Segmentation (ZTS) paving the way. While prevention and detection technology like EDR (endpoint and detection response) is still important, it alone is not enough to stop the catastrophic spread of ransomware and other breaches across hybrid environments.
Learn more about the efficacy and ROI of Zero Trust Segmentation here.
Illumio extends ZTS to endpoint devices with Illumio Endpoint
Michael Novinson interviewed Andrew Rubin, Illumio’s CEO and cofounder, for Bank Info Security’s article Illumio CEO on Fighting Ransomware via Endpoint Segmentation.
During their forward-looking conversation, Novinson and Rubin discussed why organizations need to secure endpoints to protect from ransomware spread in our world of remote and hybrid work.
“Unlike servers, users often connect their endpoint devices to Wi-Fi in unsecure locations such as an airport or a Starbucks,” explained Novinson.
This is why endpoint devices are the most popular attack vector for ransomware and other breaches – and why Illumio developed Illumio Endpoint.
“Illumio has extended its segmentation capabilities from servers and workloads to endpoints to minimize damage in the event of a ransomware attack,” said Rubin.
Novinson explains how containing ransomware on endpoints with ZTS helps organizations effectively thwart ransomware from spreading across their networks.
"Many of our customers will use Illumio Core to ring-fence or segment a crown jewel application or asset," said Rubin. "That's a server or a cloud workload use case, whereas on the endpoint, one of the most common uses is simply stopping one endpoint from talking to other endpoints. Although those two use cases are very similar in the benefit, they're expressed very differently in terms of the policy."
Novinson and Rubin also discussed what’s different about segmenting endpoints compared to servers or the cloud and the relationship between Zero Trust and microsegmentation.
Watch the interview to hear their full conversation.
Key trends impacting federal cybersecurity in 2023
Gary Barlet, Illumio Federal CTO, shared the challenges facing the federal sector this year in his article in Cyber Defense Magazine, Looking Ahead to 2023: Cyber Trends to Watch.
Here are the 5 trends Barlet recommends keeping an eye on:
1. Zero Trust
Barlet sees the federal government taking Zero Trust security seriously.
“The federal government has started waking up to the prevalence and necessity of adopting an ‘assume breach’ mentality which will result in a seismic shift in how agencies defend their operations in 2023,” he said.
This means agencies must evaluate their progress on Zero Trust initiatives – and put aside limited resources towards making further Zero Trust progress.
“Agencies need to avoid paralysis by analysis. Even incremental, small steps toward implementing Zero Trust plans will contribute to building resilience to cyberattacks,” Barlet explained.
The barrier to entry for bad actors is at an all-time low, according to Barlet. Ransomware-as-a-service has made it easier for more hackers to get into the cyberattack business in new ways.
“We can expect to see smaller-scale bad actors, who wouldn’t normally have the resources to launch cyberattacks against the U.S. federal government, tapping into these services in 2023,” said Barlet.
Barlet recommends federal organizations be prepared for new, sophisticated, and potentially devastating breaches in 2023.
3. Artificial Intelligence (AI)
AI will make business operations faster – and it will do the same for bad actors. Barlet says AI will allow bad actors to “develop better deep fakes, improve phishing attacks, and augment existing tactics to better evade decisions.”
According to Barlet, “As AI gets smarter, agencies must be prepared for attackers to keep pace.”
4. CISA Priorities
Barlet supports CISA’s efforts to improve cybersecurity for critical infrastructure sectors, K-12 schools, and healthcare. But he acknowledges that these sectors have outdated, antiquated, underfunded, and under-resourced IT systems and staff.
He encourages CISA to get back to the basics: “Over the next year, the focus should be on improving the basics (like implementing widespread two-factor authentication and Zero Trust Segmentation, for example).”
How to accomplish this? Barlet recommends CISA provide “tangible help” like technology and software to help critical infrastructure and other high-risk sectors implement solutions that reduce risks posed by inevitable breaches.
5. Cyber skills gaps
The cybersecurity industry is facing increased pressure to create and maintain a skilled cybersecurity workforce. This is especially true for the federal sector which already struggles to recruit cybersecurity talent.
Barlet sees the cyber skills gap as a major challenge for federal agencies in 2023 – he recommends federal leaders get creative in addressing this challenge.
“As the skills gap persists, federal leaders should seek to enhance collaboration between agencies to maximize talent,” said Barlet. “We must use our cyber workforce judiciously.”
Ready to learn more about Illumio Zero Trust Segmentation? Contact us to find out how Illumio can help strengthen your defenses against cybersecurity threats.