U.S. Cybersecurity Strategy, Healthcare Breaches, and Illumio Market Momentum
What does the future of cybersecurity look like?
This seemed to be the central question in Illumio news this month, precipitated by the release of a new U.S. cybersecurity plan. Keep reading to learn what Illumio business leaders and security experts and had to say about:
- The U.S. National Cybersecurity Strategy
- Building a successful cybersecurity company
- Protecting healthcare organizations – and their patients – from catastrophic cyberattacks
- Momentum for Illumio and the Zero Trust Segmentation market
New U.S. National Cybersecurity Strategy falls short on immediate impact
This month, the Biden administration announced the new National Cybersecurity Strategy. Gary Barlet, Illumio’s Government CTO and former CIO of the USPS OIG, expressed his concerns about the new strategy in his article for The Hill, US cyber strategy is missing accountability and a ransomware moonshot.
Looking for a summary of the strategy? Read The US National Cybersecurity Strategy is out from CyberWire.
“As a 20-year Air Force cyber operations veteran and a former federal CIO, it pains me to say I’m deeply underwhelmed by this plan — even though it details a strong vision for strengthening our nation’s cyber resilience and critical infrastructure,” said Gary.
From his perspective, the new plan falls short in two essential areas: immediate impact and accountability.
The biggest issue? The plan’s initiatives are set to be completed in 2033 – a decade in the future.
“Planning 10 years ahead in cyber is out of the question,” explained Gary. “On a weekly basis, ransomware is vexing our healthcare systems, food chains, telecommunications networks, energy infrastructure, and financial institutions. ... This is a crisis, and it deserves a crisis response.”
Gary recommends the federal government “step on the gas” to move faster against ransomware and breaches. This means taking responsibility by setting a strong example of what modern cybersecurity posture looks like: bringing bold ideas to the table, granting access to resources, investing in people, and holding organizations accountable to realistic, aggressive timelines.
“If we don’t introduce actionable ideas and accountability that will make an immediate impact, it will only get worse,” said Gary.
While there are significant issues with the new cybersecurity strategy, Gary acknowledges that the plan does outline “strong core objectives.” These include enhancing cross-sector collaboration, modernizing federal systems, disrupting and going after attackers, strengthening the software supply chain, and promoting Zero Trust breach containment strategies. But without “detailing the tactics, resources, and timing” for these objectives, the plan is, in Gary’s opinion, largely ineffective against today’s ever-evolving security threats.
Get other government and security expert perspectives on the new plan in the MeriTalk article National Cyber Strategy Draws Strong Initial Reviews.
Innovation and Leadership Podcast features Illumio CEO and cofounder
Illumio’s Andrew Rubin spoke with Jess Larsen on the Innovation and Leadership Podcast episode Building a Secure Future with Andrew Rubin.
Jess and Andrew discuss Andrew's experience as an entrepreneur in the cybersecurity industry, building a billion-dollar business at Illumio, and his advice to business leaders.
Listen to the podcast on Spotify, Apple Podcasts, or wherever you get your podcasts.
Healthcare is a top cyberattack target – and needs breach containment now
With a 328% increase in cyberattacks in the healthcare industry last year, healthcare organizations must assume breaches are inevitable and prepare by building cyber resilience now.
Trevor Dearing, Director of Critical Infrastructure Solutions at Illumio, spoke on this topic in an interview with Helen Sydney Adams for Healthcare Global in the article How the healthcare sector can prepare for cyber threats.
According to Trevor, “healthcare is such a prime target for cyberattacks because an attack can put the welfare, and even lives, of patients in jeopardy.”
Bad actors target industries and organizations that will offer the greatest chance of reward. Because healthcare organizations can’t afford any downtime to ensure patient safety, they’re more likely to pay ransoms than other industries. Trevor notes that the rise of connected medical devices in particular has expanded the attack surface, making healthcare an even more attractive – and easy – target.
Despite this discouraging news, it is possible for healthcare organizations to protect against the risk of catastrophic ransomware and breaches.
“Organizations need to stop investing so many resources into trying to prevent attacks from happening and invest instead in managing the impact,” explained Trevor. “This means accepting that attacks will happen and mitigating the impact through breach containment.”
Trevor recommends doing so with Zero Trust, a security strategy predicated on the mantra of “never trust, always verify.” This means that nothing is automatically trusted to have access within a network simply because it has the proper credentials.
According to Trevor, a key pillar of any Zero Trust infrastructure includes Zero Trust Segmentation (ZTS) which is “critical for breach containment, dividing the network into multiple sealed sections, with Zero Trust principles governing movement between zones.”
In fact, an attack emulation conducted by Bishop Fox found that ZTS can render attackers ineffective in less than 10 minutes, four times faster than endpoint detection and response (EDR) alone.
Trevor outlined a 3-step approach that healthcare organizations can take to strengthen their security posture immediately, regardless of size and budget:
- Map the communications of all systems: Organizations need to identify which systems can communicate with each other. These connections are how attackers spread through the network and find the highest-value assets.
- Identify and quantify the risks faced by an asset or application: Using the map of system communications, organizations need to decide which assets are most vulnerable and have the most connections to other systems and devices. This defines the organization’s attack surface.
- Apply security controls based on least privilege to govern and restrict access between resources: By stopping unauthorized communication, organizations can proactively prevent attackers from reaching critical assets and services and reactively contain an active attack to a single location. This approach is application to medical devices, data centers, the cloud, and endpoints alike.
“Following these steps will make medical infrastructure breach tolerant and ensure organizations can maintain services even while under attack, without the need to shut down services or move patients,” said Trevor.
Learn more about how Illumio is enabling healthcare organizations to build cyber resilience by visiting us at the HIMSS Conference in Chicago April 17- 21 at booth 2678. Register today. Or check out illumio.com/solutions/healthcare.
New partnership: Illumio + Core to Cloud
Traditional prevention and detection tools aren’t enough to combat today’s ransomware and breach threats. And as the threat landscape continues to grow more severe, organizations are looking for solutions to help them build Zero Trust security.
ZTS is essential to any Zero Trust architecture, and that’s why Core to Cloud was excited to partner with Illumio to add ZTS to its suite of cybersecurity solutions.
Learn more about the partnership in articles from Managed IT Magazine and Business & Innovation Magazine.
The new partnership hopes to enable Core to Cloud’s UK clients with the ability to stop breaches from spreading across the hybrid attack surface.
According to Core to Cloud’s CEO James Cunningham, “Illumio ZTS enables us to strengthen an organization's security posture even further, by reducing the impact and minimizing the damage of an attack. We’re delighted to be working with Illumio. The partnership makes us one of only a handful of UK cyber specialists to be able to offer its Zero Trust Segmentation product suite to UK customers.”
Illumio shortlisted for the UK’s Security Excellence Awards
Illumio is honored to be part of Computing’s Security Excellence Awards shortlist announced this month. Read about the awards in Computing’s article Security Excellence Awards shortlist revealed.
The awards focus on cybersecurity organizations that do business in the UK market, honoring those that are “standing head and shoulders above the crowd.”
Interested in learning more about Illumio? Contact us today.