.png)
Managing Cyber Risk, Building Cyber Resilience, and Securing Hybrid Work
The risks your organization faces are changing - fast. Are you prepared?
This month's news coverage centered around mitigating risk - whether from current economic upheaval, sophisticated cyber threats, or ongoing risks posed by hybrid work.
Keep reading to get insight from Illumio business and cybersecurity leaders on how to keep your organization resilient.
How Illumio's CEO and co-founder is combatting economic uncertainty
The economy is one of the most important stories of the moment. In response, Illumio co-founder and CEO, Andrew Rubin, shared his experience with economic uncertainty with NASDAQ in his article, As a Cyber CEO, Here's How I'm Combatting Economic Uncertainty.
As a later-stage startup co-founder, Rubin says that this isn't the first time he's seen today's "economic red flags." These are his 3 recommendations for business leaders who are looking to make the best of the economic downturn.
1. Start with the facts
According to Rubin, "The best thing you can do is run the business on the business."
This means to compile as much data as you can and ask questions. Rubin explains that your business's numbers are the facts available to you. You may not have all the numbers you want, but they are your best insight into the true health of your organization.
"Additionally, keep in mind that what's happening across the market doesn't necessarily impact your business - but you still must prepare for any possibility," he says.
Just because you see headlines of other organizations making certain changes based on current economic circumstances doesn't mean those same changes need to happen in your organization, according to Rubin. Every business is different and needs different things - regardless of market health.
This is where the facts of your business - the numbers - help provide guidance on what is right for your organization. As Rubin explains, "Don't let uncertainty slow you down. Let the numbers be your guide and find the opportunities that often present themselves in uncertain times."
2. Know that the best companies are built in the harshest markets
Rubin believes this is true for two reasons: discipline and market competition.
Startups that raise money and then burn it are in for a difficult time during even the slightest economic slowdown, Rubin says. The past decade has been an easy space to grow a startup - but it takes discipline to survive a market downturn.
"Just because you have the money sitting in the bank doesn't mean you have to spend it," he explains.
There must be a business case for spending money, especially when the stability of the next few quarters is uncertain. And this requires discipline: "Resilience is predicated on discipline," Rubin says.
Additionally, Rubin believes that having a compelling product isn't always enough for a startup to survive harsh economic conditions. Market downturns "winnow out weak businesses" and spotlight the importance of discipline with spending, he says.
"There's a reason why the average lifespan for a tech startup is seven years. Very few (3%) see the light of day after 10 years," Rubin noted.
Despite the impact of a downturn, Rubin believes that there are still businesses opportunities available, and smart leaders are able to spot and take advantage of them.
"The balancing act is the hard part; it requires being deliberate, not making knee-jerk decisions and yet still taking advantage of the opportunities as they present themselves," he explains.
3. Communicate your value to customers
Finally, Rubin encourages business leaders to remember that it's not just your business that's impacted by the economy - your customers are, too.
Now is the time to make sure the economic value of your offerings is crystal clear to customers and prospects, he says.
"As many companies tighten purse strings, it is your job to clearly articulate the economic value you deliver to each customer and prospect," Rubin explains.
If you aren't able to communicate what makes your offerings a business necessity, expect to be written off as superfluous during hard times.
This means the way you talk about your offerings may change: "Help your customers see you not just as another line item, but as an important business partner helping them achieve their mission," Rubin says.
Finance sector: An economic downturn means increased cyber risk
With today's focus on the economy, the financial sector is in the spotlight - and bad actors will take advantage, especially of financial organizations' security vulnerabilities.
Raghu Nandakumara, Illumio's Senior Director of Industry Solutions Marketing, addresses the importance of cyber resilience in the financial services and banking sector in his article for Finance Derivative, Why cyber resilience is the banking sector's top priority?
Nandakumara notes that in 2021, the banking sector accounted for 6 percent of the top ransomware attacks. But in 2022, attacks targeting financial organizations have nearly tripled.
"The critical nature of the financial sector makes it very vulnerable to widespread digital threats," he says.
Because of this, Nandakumara urges financial organizations to start building cyber resilience now.
"These organizations are the backbone of our economy and societies," he explains. "If a banking organization is unable to facilitate financial transactions, it will disrupt the wider marketplace for liquidity and assets. The disruption of financial services means a part of society's capital flow will be completely halted."
He recommends starting with visibility for cyber resilience. Financial organizations oftentimes have complex network infrastructure. This complexity makes it difficult for security teams to get visibility into their networks.
"If you can't see the risks, how can you defend against them?" he asks.
Next, he encourages organizations to adopt an "assume breach" mindset which presumes that network intrusions are inevitable and encourages organizations to arrange the network's defenses to mitigate the impact.
"Employing Zero Trust Segmentation (ZTS) is one of the most effective methods for making the 'assume breach' model a reality," Nandakumara says.
As a pillar of a Zero Trust architecture, ZTS divides a network, data center, cloud environment or endpoint estate into multiple segments. Each segment has its own access and authentication policies, where user identities, devices, and network configurations must be validated every time a user requests access.
"Even if one part of the organization falls victim to a breach, the bulk of business can continue as usual. That is true resilience and how financial firms can stay one step ahead of the attackers," he says.
The banking sector will continue to be the target of ransomware and other sophisticated cyber threats, he believes. Successful cyberattacks on financial institutions have the potential to be extremely disruptive, making them excellent targets for ransom money.
"Cyber criminals follow the money," he explains. "By putting in place proactive security measures, the financial sector can build resilience and ensure critical systems remain operational and sensitive data protected, regardless of what threats come its way."
Read our industry guide to find out how Illumio can help implement Zero Trust Segmentation in your financial services or banking organization.
Federal agencies: CISA's Strategic Plan initiates another vital step towards cyber resilience
In addition to the financial sector, Gary Barlet, Illumio's Federal CTO, addressed the pressing need for building cyber resilience in the Federal government in his Cyber Defense Magazine article, CISA's Strategic Plan: A Step in the Right Direction.
In 2022, Barlet says that the world will spend nearly $170 billion on cybersecurity, and some $20 billion of that will be spent by the federal government. But in spite of this massive cyber spending, the number of ransomware attacks is increasing.
This is why Barlet thinks the 2023-2025 Cybersecurity and Infrastructure Security Agency Strategic Plan is so important.
"It is an acknowledgement that our collective approach to cybersecurity needs to change if we want to stay ahead of evolving threats," he says.
Traditional security models focused on prevention alone aren't able to cope with today's hyperconnected, digital-first landscape. Breaches are inevitable, and the federal sector needs a way to contain breaches when they happen.
Barlet considers CISA's emphasis on bolstering resilience a marked change away from the prevention-first model - noting this plan is the start of a "new era of cybersecurity - one predicated on breach containment and resilience, focusing on isolating breaches and minimizing their impact to reduce damages and maintain continues operations."
In particular, Barlet recommends Zero Trust capabilities like microsegmentation, also called Zero Trust Segmentation (ZTS), to help isolate cyber threats and reduce risk. All of the initiatives in CISA's plan can be accomplished with a Zero Trust security strategy.
While Barlet believes that CISA's Strategic Plan does good work in terms of encouraging federal agencies to shift to a resilience-based mindset, there are two major issues the plan doesn't address: accountability and funding. This comes down to the fact that change happens slowly in the federal government, says Barlet.
Get further insight from Barlet in his article about the challenges Federal agencies face when implementing modern cybersecurity.
Despite these two shortcomings, Barlet believes “CISA's Strategic Plan is a big step in the right direction.”
"With threat actors evolving and the attack surface rapidly expanding, we must move from a traditional 'prevent breach' approach to a mindset of 'assume breach.'"
Want to learn more about how Illumio can help stop the spread of ransomware and breaches for your agency? Click here.
How to secure your hybrid workforce
Over the past few years, nearly every sector has changed the way work gets done - and many organizations are now fully embracing hybrid work.
Illumio's CTO and co-founder, PJ Kirner, spoke specifically to the changing nature of work and the cyber risks that come with it in his article for Spiceworks, Mitigating Security Risks As a Hybrid Organization.
He shared his three recommendations for business leaders who are adapting their future-of-work plans to account for a hybrid workforce.
1. Adopt Zero Trust and an "assume breach" mindset
According to Forrester, "Zero Trust is an information security model that denies access to applications and data by default" - in other words, says Kirner, it minimizes implicit trust.
Zero Trust is predicated on assuming breaches are inevitable.
"Today, breaches are bound to happen," explains Kirner.
And with hybrid work becoming the norm, bad actors have even more attack vectors to exploit than they ever have before. Employees are increasingly working from multiple devices, locations, and networks far outside of traditional desktop computers connected to the organization's internal network.
Kirner urges organizations to prepare for the new cybersecurity challenges resulting from these changes.
"The days when organizations could focus solely on keeping bad actors outside perimeter walls by relying mainly on security at a perimeter are long gone - hybrid work is another thing eroding any efficacy of perimeter controls," he explains.
2. Put Zero Trust into practice
Kirner recommends organizations first start with getting visibility into their network.
"You can't secure what you can't see," he says.
Then, prioritize the most important assets that bad actors would likely target first.
"Organizations should focus on shoring up their most high-value or at-risks assets first. Then, you can determine which security controls are best suited to address your unique operational and environmental needs," explains Kirner.
3. Make progress now
Recent research by analyst firm ESG found that 39 percent of all security spending over the next 12 months is earmarked to advance Zero Trust initiatives. This means Zero Trust is a key priority for most organizations.
"My biggest piece of advice is to get started now," says Kirner. "It can be tempting to wait to create 'perfect' plans on paper before making tangible progress, but we're not any more secure until we implement the security controls. So, make incremental progress ASAP."
As hybrid work becomes entrenched in the way we do business, so will the cyber risks associated with it. Organizations must prepare for inevitable breaches and focus on building cyber resilience now.
"The key to smarter, efficient, and effective security in our hybrid environment is to embrace technology offerings like Zero Trust that enable protection for systems, processes and resources across the organization," explains Kirner.
Kirner also spoke directly to containing inevitable breaches in the cloud in his blog article for the Cloud Security Alliance, How to Contain Breaches in the Cloud.
Illumio Endpoint prevents breaches caused by hybrid work from spreading across the enterprise, with segmentation purpose-built for end-user devices. Get more information here.
Learn more about the Illumio Zero Trust Segmentation Platform:
- See why Forrester named Illumio a Leader in both Zero Trust and microsegmentation.
- Learn Gartner best practices for implementing microsegmentation - and why they chose Illumio as a Sample Vendor for microsegmentation.
- Read how HK Electric ensures its impeccable supply reliability of 99.999% by deploying Illumio Zero Trust Segmentation.
- Contact us to find out how Illumio can help strengthen your defenses against cybersecurity threats.
