Top Cybersecurity News Stories From November 2024

Cybersecurity didn’t just make headlines this month. It sparked debates, raised alarms, and demanded action.  

Experts across the industry weighed in on how to tackle today’s most pressing threats. Above all, Zero Trust proved to be a must-have strategy across every industry and at any scale.  

This month's news features insights from cybersecurity experts about:

  • Why relying on goodwill alone won’t secure critical infrastructure
  • The risks of stopping your cybersecurity strategy at identity
  • The devastating impact of third-party attacks on healthcare
  • How Illumio’s new partner program makes the Zero Trust journey that much easier

CISA’s Secure by Design pledge falls short — and how to fix it

In his recent Dark Reading article, The Power of the Purse: How to Ensure Security by Design, Gary Barlet, Illumio's public sector CTO, discussed CISA’s new Secure by Design pledge, which pushes software companies to prioritize security from the ground up.

Big names like Google, Microsoft, AWS, and Lenovo are on board, and the pledge sets some ambitious goals. One standout is implementing multifactor authentication (MFA) across the board within a year.  

But here’s where Gary takes issue with the pledge: It's entirely voluntary. There’s no enforcement mechanism.  

He puts it bluntly: “How is a voluntary pledge going to protect critical infrastructure when breaches are at an all-time high?”  

Last year, data breaches shot up by 72%, with the average breach costing a whopping $4.88 million. Clearly, the stakes are too high for an honor system.

Gary argues that relying on companies to do the right thing isn’t enough. “We need to mandate it and punish those who fail,” he says.  

He uses the European Union’s (EU) hardline stance on standardized charging ports for electronics as an example. Even giants like Apple had to comply. The same goes for California’s Zero Emissions Vehicle rules. Regulations forced the auto industry to innovate.

His point? Strong rules get results.

Gary suggests CISA should take a page from these playbooks and make its goals mandatory. This would mean regular audits, compliance checks, and accountability measures for companies that fall short.  

Voluntary measures won’t cut it. As Gary warns, “The stakes are too high for a ‘suggestion box’ approach to cybersecurity.” And it makes you wonder — when will cybersecurity regulations catch up to the urgency of the problem?

Cybersecurity doesn’t end with identity

For Raghu Nandakumara, senior director of industry solutions marketing at Illumio, the cyber industry needs a wake-up call about identity security. He shared his insight into the topic in his new Help Net Security article, The changing face of identity security.  

According to Raghu, we need to dispel the myth that cybersecurity stops at user identities. "It’s dangerous to forget all the other identities that make up the average network," like devices, applications, and oft-overlooked service accounts, he explained.

These service accounts, often holding elevated privileges, are a goldmine for attackers. In increasingly popular Kerberoasting and Golden Ticket attacks, threat actors exploit weak points in service accounts to wreak havoc across networks.

So, what’s the fix? Raghu focuses on a Zero Trust strategy that’s grounded in microsegmentation. He explains that Zero Trust isn’t just about verifying users. It’s about controlling every "who, where, and how" across the network.  

And with microsegmentation, you’re not just monitoring traffic. You’re locking it down. As he puts it, microsegmentation "ensures that only verified entities — whether users, devices, or applications — can access critical resources." Think of it as building secure pathways that stop attackers in their tracks.

For Raghu, a smart security strategy starts with knowing your biggest risks. Focus on your critical assets, figure out where you’re most vulnerable, and put identity-based controls in place where they’ll make the biggest impact.

A security strategy shouldn’t end with identity. As Raghu explains, don’t just protect your doors — lock down the whole house. Zero Trust plus smart identity security and microsegmentation mean a stronger, safer network.

UK NHS cyberattacks: Exposing healthcare’s security blind spots

Earlier this year, the UK's NHS suffered major cyberattacks, including ones that took down NHS Scotland in May and London hospitals in June. What’s curious — and worrying — about these attacks is that they weren’t direct hits. They came through third-party suppliers.  

Think Digital Partners reporter Christine Horton interviewed Trevor Dearing, industry solutions marketing director at Illumio, on the topic in her article, How the NHS can reduce the risk from the endless loop of supply chain attacks.  

"A business is only as secure as its weakest third-party supplier," Trevor noted.

And with the NHS relying on thousands of external providers, that’s a massive risk.

Even worse, most of the NHS is running on outdated, clunky IT systems. Around 77% of the UK healthcare sector is stuck in the tech dark ages, using legacy systems that are practically gift-wrapped for cybercriminals.  

These systems aren’t just hard to patch. They weren’t built with modern security in mind. At this point, upgrading them isn’t optional; it’s survival.

This is why the NHS’s approach to supply chain security needs a serious overhaul. A July 2023 report revealed over a quarter of NHS Trusts hadn’t tested their suppliers’ cybersecurity in the past year. That’s not just a blind spot — it’s an easy target for attackers.  

Trevor said that regular audits and simulations should be a security baseline in the healthcare industry, especially with such a sprawling, complex supply chain.

But the baseline shouldn’t be enough. Breaches are inevitable. Healthcare organizations should be building Zero Trust security.

Based on a “never trust, always verify” approach, a Zero Trust security strategy grounded in microsegmentation isolates systems and stops breaches from spreading through the network. This allows organizations to contain breaches before they spiral out of control.

For Trevor, cyber resilience is the ability to lock down infected areas while keeping critical services running. In today’s healthcare threat landscape, breach containment isn’t just a backup plan. It’s the only path forward.

Illumio announces its new Enlighten Partner Program

Illumio just took its partner program to the next level with a revamped Enlighten Partner Program. SDxCentral spotlighted the launch in the article, Illumio Expands Partner Program to Enhance Zero Trust Segmentation Support.

Over the past year, Illumio continuously reached out to its partners to understand what they need to invest in and grow their business. Based on their learnings, they’ve evolved the partner program to offer updated training and enablement, hands-on tools, and a new pricing structure to help partners sell, deploy, and manage Illumio’s microsegmentation solutions.  

Why does this matter? According to Gartner, the microsegmentation market is growing exponentially. Segmentation is the best answer to building resilience against today’s constant, sophisticated cyberattacks.

As Todd Palmer, Illumio’s SVP of global partner sales, explained in the article, “Organizations understand the necessity and want to proceed, but the perceived complexity often stands in the way. This creates an enormous opportunity for our partners.”

Leaders from companies like World Wide Technology (WWT) and MIEL said they see their partnership with Illumio as a big opportunity to grow their own businesses while solving some of the most crucial cybersecurity pain points for customers.

At the core of the program is Illumio’s Zero Trust Segmentation platform, which uses AI-driven insights to contain breaches, quickly respond to attacks, and build cyber resilience. Illumio’s partners now have the curriculum, tools, resources, and pricing models to meet the needs of their customers.
