Blog
/
Cyber Resilience

Industry Experts on the 3 Most Important Cybersecurity Best Practices

Illumio Editorial
October 13, 2023
23 min. read

As we continue through Cybersecurity Awareness Month, we thought we’d bring you a few of our favorite cybersecurity best practices and takeaways courtesy of some of the brilliant industry experts featured on Season 1 of Illumio’s The Segment: A Zero Trust Leadership Podcast.

As organizations increasingly look to advance cyber resilience objectives, maximize ROI, and accelerate Zero Trust journeys, here are a few of the top tips that have stuck with us from leaders at Microsoft, IBM, Cylera, AWS, and more.  

1. Zero Trust is a journey. You have to start small.

According to Greg Tkaczyk, Executive Consultant at IBM Security, who was featured on episode 5 of The Segment alongside coworker Stephan Corragio, Managing Partner at IBM Security, “Zero Trust is a journey... The focus has to be on continuous and incremental improvement that's measurable. And not big bang implementations that are going to disrupt the business."

Ryan Fried, Senior Security Validation Consultant at Mandiant (formerly Senior Information Security Engineer at Brooks Running) concurs. On episode 10, Ryan shared his own practitioner perspective on starting small and making incremental progress towards Zero Trust:  

"In almost everything we do, we think about how we can go towards Zero and also Zero-ish Trust,” Ryan explained. “Actual Zero Trust is really hard to do, and I think it's really intimidating. When I first thought about Zero Trust, I thought about being able to allow less server-to-server communication, which really scares me, and it's really production-impacting. But for instance, what we're talking about is microsegmentation from a Zero Trust perspective. What is the best bang for our buck that we're going to get with being the least disruptive?"

Illumio Co-Founder and Advisor PJ Kirner (our guest on episode 6 of The Segment) further validates Greg’s and Ryan’s assertions that making progress on Zero Trust is what’s most important — and that journey looks different for everyone.

“You don't buy Zero Trust. There's not a single vendor that just you go buy it from, and you go check the checkbox. There is a journey that you're going on. That's what it is. It is strategy. You have to discover what's out there."

2. Visibility is paramount to cyber success

As more organizations look to advance their Zero Trust progress amidst hypercomplex, hyperconnected multi-cloud environments, visibility becomes essential.  

Ann Johnson, Corporate Vice President for Microsoft Security Business Development, shared on episode 12 that, "The biggest problem CISOs still tell me today is visibility. So how do you see that something truly bad is happening in your environment, detect it super quickly and stop it from doing damage?"

Stephen Corragio, Managing Partner at IBM, shared his own take on how visibility continues to come up in conversations with clients on episode 5: “...back in the day it was around protecting everything, encrypting everything, and really making sure that we scan everything in an environment. Now when we talk to clients, it's around how do we make sure that we are truly looking after the most important things in our environment, making sure that those are properly protected, controlled. We have visibility, we're monitoring that, and then we're responding to threats in those particular environments versus trying to boil the ocean in everything that we do.”

In other words, everything today — from prioritization, to remediation, to vulnerability management — starts and ends with visibility.  

3. Better late than never: Organizations have to start assuming breach

Richard Staynings, Chief Security Strategist at Cylera, shared on episode 11 that, “[Cyber resilience] is about sustaining an attack. Knowing that you're going have one, sustaining the attack, having business continuity measures in place that are well practiced and incident response measures in place that are well practiced so that you can continue the business, even if it's just on a trickle level. And you can keep your customers relatively satisfied while you clean up and restore. And that requires high levels of resiliency in your architecture, your application, your infrastructure and so much more."

In other words, assuming breach translates to preparedness which in turn results in business continuity and resilience.

Illumio’s Gary Barlet, Federal Field CTO, explained on episode 8 that, "the future of Zero Trust is going to be about... going back to assume breach... trying to get things down to the smallest piece possible. You talk about securing data, at the data element level. You're talking about securing applications at the application level, and at the individual piece, we get into microsegmentation of the individual pieces of an application. Trying to draw that ring of defense as small and as close to the source as possible, as opposed to the traditional, let's just draw big circles and try to prevent anybody from getting through the big circle, right. And doing it in such a way that it's layered, so that it really makes it difficult for adversaries to get in."

As the experts say, Zero Trust is all about progress over perfection. And every organization’s Zero Trust journey differs. But as you look to advance your own Zero Trust strategy and build resilience within your organization, make sure you’re starting with assume breach, prioritizing end to end visibility, and focus on making incremental progress on your Zero Trust goals. After all, the enemy of progress is perfection.

Make sure your organization is prioritizing cyber awareness and remaining resilient all year-round! Contact us today for a free consultation.

Related topics

No items found.

Related articles

Cyber Monday: Are Your Situational Crown Jewels Protected This Holiday Season?
Cyber Resilience

Cyber Monday: Are Your Situational Crown Jewels Protected This Holiday Season?

Proper protection is not fleeting like the Starbucks holiday product glossary. Good security should be baked in and accounted for all year round.

Read more
Why Log4j Vulnerabilities Highlight the Importance of DevSecOps
Cyber Resilience

Why Log4j Vulnerabilities Highlight the Importance of DevSecOps

In December 2021, IT security teams and development organizations around the world got a rude wake-up call.

Read more
3 Challenges Federal Agencies Face When Implementing Modern Cybersecurity
Cyber Resilience

3 Challenges Federal Agencies Face When Implementing Modern Cybersecurity

The U.S. federal government collects the personal information of almost every citizen. And federal agencies hold valuable data, some of which could put the country in danger if it was released.

Read more
5 Tips for Getting the Best ROI From Your Cybersecurity Investments
Cyber Resilience

5 Tips for Getting the Best ROI From Your Cybersecurity Investments

Learn how to extract ROI from your investments to improve your security posture, mitigate risk, and ensure a robust security strategy.

Read more
Get 5 Zero Trust Insights from Microsoft’s Ann Johnson
Cyber Resilience

Get 5 Zero Trust Insights from Microsoft’s Ann Johnson

Hear from Ann Johnson, Corporate VP of Microsoft Security Business Development, on cyber resilience, AI, and where to start with Zero Trust.

Read more
Preparing For Zero-Day Exploits Like MOVEit? Get Application Visibility
Cyber Resilience

Preparing For Zero-Day Exploits Like MOVEit? Get Application Visibility

Learn why comprehensive application visibility is essential to prepare for zero-day exploits like MOVEit and how Illumio can help.

Read more

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more