Top Cybersecurity News Stories From September 2024
With new technologies like AI and more sophisticated breaches on the rise, businesses and governments alike are scrambling to keep up and stay safe. September’s headlines remind us that in today’s digital world, it's everyone's responsibility to be ready to protect our networks.
This month’s news covers what cybersecurity experts are talking about:
- Why there needs to be board-level focus on cybersecurity strategy
- Zero-trust myths that are holding companies back from modern cybersecurity best practices
- How federal security teams are using zero-trust solutions like microsegmentation to build cyber resilience
Forbes: Boards should rethink their cyber strategies after recent tech disruptions
In July, the historic outage affecting 8.5 million Microsoft Windows devices around the world disrupted flights, cut off internet services, and even affected medical appointments.
Even though the problem was fixed as quickly as possible, the incident shows just how vulnerable our technology systems can be. Andrew Rubin, Illumio’s co-founder and CEO, shared his thoughts with Roger Trapp in Forbes, Boards Need To Take A Hard Look At Their Cyber Vulnerabilities.
Some experts say this outage should make us think more about how much we rely on technology.
The UK Centre for International Governance Innovation (CIGI) recently wrote an article calling for a closer look at how dependent we are on tech, especially since a few big companies control so much of it. "The global IT outage shows how fragile our tech-optimized society is," said Susie Alegre, a senior fellow at CIGI. She warned that this concentration of power in just a few companies is risky for both public and private sectors.
Andrew Rubin, Illumio’s co-founder and CEO, agreed with these concerns. He explained that companies are now more aware of these risks, especially after the outage and a previous breach earlier this year.
“There is definitely a desire to protect,” Rubin said, noting that businesses are now more likely to approve extra money for cybersecurity when requested by their security teams.
But Rubin also said that just spending more money won’t stop future problems. “There is so much technology all over the world, and it’s growing so fast, that it’s impossible for security teams to keep up,” Rubin explained. Even before artificial intelligence (AI) is fully rolled out, the amount of technology already makes it hard to keep everything secure.
Rubin believes this is a wake-up call for companies to take a more serious and thoughtful approach to cybersecurity. While more money and protection are important, the fast pace of technology means businesses need to rethink how their strategies for protecting their systems to stay ahead of future risks.
4 zero-trust myths dispelled by John Kindervag
Zero trust is now a common cybersecurity approach and the best strategy for today's businesses. That’s why it’s important for them to understand zero trust clearly.
John Kindervag, the creator of zero trust and chief evangelist at Illumio, explained the facts about it in his recent SC Magazine article, Debunking Persistent Zero Trust Myths and Misconceptions.
Zero trust is a cybersecurity model created in 2010 by John Kindervag that challenges the old idea of a secure network. Instead of trusting everything inside a network, zero trust works on the idea of "never trust, always verify."
Zero trust is now a best practice cybersecurity strategy for governments and businesses. But there are still many misunderstandings about zero trust which can stop organizations from getting the full benefits.
Myth #1: Zero trust is just about verifying user identity
A common myth is that zero trust is only focused on checking user identity. While verifying identity is important, John Kindervag explains that zero trust goes further than that.
“Even a trusted user with valid credentials can become a threat,” he says.
Zero trust also looks at device type, location, and behavior patterns. This means every access request is checked in context, making security decisions smarter and more flexible.
Myth #2: Adopting zero trust means a complete security overhaul
Another misconception is that adopting zero trust requires completely changing your current security systems. Many businesses worry this would be too expensive and disruptive.
Kindervag clears this up by saying that zero trust is a strategic framework, not a replacement for what you already have.
“The journey to zero trust should be gradual,” he advises. He suggests companies start by using their existing systems and making small, manageable changes.
Myth #3: Zero trust is too complicated
Some people think zero trust is too difficult to manage. In reality, Kindervag argues that it can actually make things simpler by offering a flexible, step-by-step approach.
He recommends starting with microsegmentation, a key part of zero trust that divides the network into smaller, secured sections. This helps stop the spread of breaches.
“Start with segmenting your most valuable databases or critical applications,” Kindervag suggests. This way, companies can see quick security improvements without overwhelming their resources.
Myth #4: Zero trust is a product you can buy
Kindervag explains that zero trust isn’t a single product but a way of thinking and a strategy. “It's about adopting a continuous, thorough approach to verifying every access request,” he says.
While technologies like microsegmentation can help support zero trust, the real benefit comes from applying the “never trust, always verify” mindset throughout your entire network.
Illumio achieves FedRAMP® authorization
Illumio Government Cloud has received the Federal Risk and Authorization Management Program (FedRAMP) Authorization to Operate (ATO) at the Moderate Impact Level. Cate Burgan covered the important news in her recent MeriTalk article, Illumio Achieves FedRAMP ATO.
With FedRAMP, the Illumio Government Cloud can now provide microsegmentation solutions, including Illumio Core and Illumio Endpoint, to prevent breaches from spreading between servers and devices. These tools are essential for improving cybersecurity in federal agencies.
"Bolstering national cyber resilience continues to be a top federal priority," said Gary Barlet, public sector chief technology officer at Illumio.
This FedRAMP approval shows Illumio’s dedication to helping federal agencies prevent cyber disasters. Barlet added, “This achievement underscores Illumio’s commitment to empowering security teams with the right tools to prepare for threats and prevent breaches.”
Illumio wants to give federal security teams the tools they need to keep services running smoothly for the American public. Illumio Government Cloud focuses on helping federal agencies in three main ways:
- Improve real-time visibility
- Stop the spread of breaches
- Meet critical mission needs
As cyberattacks become more common and advanced, it’s crucial for federal agencies to have the right tools to protect against global threats. Illumio’s solutions provide stronger security and better visibility to help agencies reach their security goals.
Find Illumio on the FedRAMP Marketplace.