/
Zero Trust Segmentation

U.S. Cybersecurity Strategy, Healthcare Breaches, and Illumio Market Momentum

What does the future of cybersecurity look like?

This seemed to be the central question in Illumio news this month, precipitated by the release of a new U.S. cybersecurity plan. Keep reading to learn what Illumio business leaders and security experts and had to say about:

  • The U.S. National Cybersecurity Strategy
  • Building a successful cybersecurity company
  • Protecting healthcare organizations – and their patients – from catastrophic cyberattacks
  • Momentum for Illumio and the Zero Trust Segmentation market

New U.S. National Cybersecurity Strategy falls short on immediate impact

This month, the Biden administration announced the new National Cybersecurity Strategy. Gary Barlet, Illumio’s Government CTO and former CIO of the USPS OIG, expressed his concerns about the new strategy in his article for The Hill, US cyber strategy is missing accountability and a ransomware moonshot.

Looking for a summary of the strategy? Read The US National Cybersecurity Strategy is out from CyberWire.

“As a 20-year Air Force cyber operations veteran and a former federal CIO, it pains me to say I’m deeply underwhelmed by this plan — even though it details a strong vision for strengthening our nation’s cyber resilience and critical infrastructure,” said Gary.

From his perspective, the new plan falls short in two essential areas: immediate impact and accountability.

The biggest issue? The plan’s initiatives are set to be completed in 2033 – a decade in the future.

“Planning 10 years ahead in cyber is out of the question,” explained Gary. “On a weekly basis, ransomware is vexing our healthcare systems, food chains, telecommunications networks, energy infrastructure, and financial institutions. ... This is a crisis, and it deserves a crisis response.”

Gary recommends the federal government “step on the gas” to move faster against ransomware and breaches. This means taking responsibility by setting a strong example of what modern cybersecurity posture looks like: bringing bold ideas to the table, granting access to resources, investing in people, and holding organizations accountable to realistic, aggressive timelines.

“If we don’t introduce actionable ideas and accountability that will make an immediate impact, it will only get worse,” said Gary.

While there are significant issues with the new cybersecurity strategy, Gary acknowledges that the plan does outline “strong core objectives.” These include enhancing cross-sector collaboration, modernizing federal systems, disrupting and going after attackers, strengthening the software supply chain, and promoting Zero Trust breach containment strategies. But without “detailing the tactics, resources, and timing” for these objectives, the plan is, in Gary’s opinion, largely ineffective against today’s ever-evolving security threats.

Get other government and security expert perspectives on the new plan in the MeriTalk article National Cyber Strategy Draws Strong Initial Reviews.

Innovation and Leadership Podcast features Illumio CEO and cofounder

Illumio’s Andrew Rubin spoke with Jess Larsen on the Innovation and Leadership Podcast episode Building a Secure Future with Andrew Rubin.

Jess and Andrew discuss Andrew's experience as an entrepreneur in the cybersecurity industry, building a billion-dollar business at Illumio, and his advice to business leaders.

Listen to the podcast on Spotify, Apple Podcasts, or wherever you get your podcasts.

Healthcare is a top cyberattack target – and needs breach containment now

With a 328% increase in cyberattacks in the healthcare industry last year, healthcare organizations must assume breaches are inevitable and prepare by building cyber resilience now.

Trevor Dearing, Director of Critical Infrastructure Solutions at Illumio, spoke on this topic in an interview with Helen Sydney Adams for Healthcare Global in the article How the healthcare sector can prepare for cyber threats.

According to Trevor, “healthcare is such a prime target for cyberattacks because an attack can put the welfare, and even lives, of patients in jeopardy.”

Bad actors target industries and organizations that will offer the greatest chance of reward. Because healthcare organizations can’t afford any downtime to ensure patient safety, they’re more likely to pay ransoms than other industries. Trevor notes that the rise of connected medical devices in particular has expanded the attack surface, making healthcare an even more attractive – and easy – target.

Despite this discouraging news, it is possible for healthcare organizations to protect against the risk of catastrophic ransomware and breaches.

“Organizations need to stop investing so many resources into trying to prevent attacks from happening and invest instead in managing the impact,” explained Trevor. “This means accepting that attacks will happen and mitigating the impact through breach containment.”

Trevor recommends doing so with Zero Trust, a security strategy predicated on the mantra of “never trust, always verify.” This means that nothing is automatically trusted to have access within a network simply because it has the proper credentials.

According to Trevor, a key pillar of any Zero Trust infrastructure includes Zero Trust Segmentation (ZTS) which is “critical for breach containment, dividing the network into multiple sealed sections, with Zero Trust principles governing movement between zones.”

In fact, an attack emulation conducted by Bishop Fox found that ZTS can render attackers ineffective in less than 10 minutes, four times faster than endpoint detection and response (EDR) alone.

Trevor outlined a 3-step approach that healthcare organizations can take to strengthen their security posture immediately, regardless of size and budget:

  1. Map the communications of all systems: Organizations need to identify which systems can communicate with each other. These connections are how attackers spread through the network and find the highest-value assets.
  2. Identify and quantify the risks faced by an asset or application: Using the map of system communications, organizations need to decide which assets are most vulnerable and have the most connections to other systems and devices. This defines the organization’s attack surface.
  3. Apply security controls based on least privilege to govern and restrict access between resources: By stopping unauthorized communication, organizations can proactively prevent attackers from reaching critical assets and services and reactively contain an active attack to a single location. This approach is application to medical devices, data centers, the cloud, and endpoints alike.

“Following these steps will make medical infrastructure breach tolerant and ensure organizations can maintain services even while under attack, without the need to shut down services or move patients,” said Trevor.

Learn more about how Illumio is enabling healthcare organizations to build cyber resilience by visiting us at the HIMSS Conference in Chicago April 17- 21 at booth 2678. Register today. Or check out illumio.com/solutions/healthcare.

New partnership: Illumio + Core to Cloud

Traditional prevention and detection tools aren’t enough to combat today’s ransomware and breach threats. And as the threat landscape continues to grow more severe, organizations are looking for solutions to help them build Zero Trust security.

ZTS is essential to any Zero Trust architecture, and that’s why Core to Cloud was excited to partner with Illumio to add ZTS to its suite of cybersecurity solutions.

Learn more about the partnership in articles from Managed IT Magazine and Business & Innovation Magazine.

The new partnership hopes to enable Core to Cloud’s UK clients with the ability to stop breaches from spreading across the hybrid attack surface.

According to Core to Cloud’s CEO James Cunningham, “Illumio ZTS enables us to strengthen an organization's security posture even further, by reducing the impact and minimizing the damage of an attack. We’re delighted to be working with Illumio. The partnership makes us one of only a handful of UK cyber specialists to be able to offer its Zero Trust Segmentation product suite to UK customers.”

Illumio shortlisted for the UK’s Security Excellence Awards

Illumio is honored to be part of Computing’s Security Excellence Awards shortlist announced this month. Read about the awards in Computing’s article Security Excellence Awards shortlist revealed.

The awards focus on cybersecurity organizations that do business in the UK market, honoring those that are “standing head and shoulders above the crowd.”

Interested in learning more about Illumio? Contact us today.

Related topics

No items found.

Related articles

SolarWinds Breach: Driving a Paradigm Shift to Zero Trust
Zero Trust Segmentation

SolarWinds Breach: Driving a Paradigm Shift to Zero Trust

The SolarWinds compromise and its ongoing fall-out have brought into sharp focus the difficulty in controlling and validating every touch point an enterprise has with its external dependencies (be that vendor, customer, or partner) and further emphasizes the old adage that “a chain is only as strong as its weakest link.”

How QBE Reduces Complexity and Risk Globally with Illumio
Zero Trust Segmentation

How QBE Reduces Complexity and Risk Globally with Illumio

Learn how QBE implemented segmentation on their path to Zero Trust.

5 Reasons Your Firewall Team Will Love Microsegmentation
Zero Trust Segmentation

5 Reasons Your Firewall Team Will Love Microsegmentation

The upgrade firewall administrators have long needed, micro segmentation moves the enforcement point to the application instance itself. Here’s how it works.

Why Cyber Disasters Are Still Happening — And How to Fix It
Cyber Resilience

Why Cyber Disasters Are Still Happening — And How to Fix It

Get insight from Gary Barlet, Illumio Federal CTO, on why decades of trying to prevent and detect direct attacks by adversaries – and failing – means it's time to shift the focus to containment.

5 Must-Know Insights from Zero Trust Pioneer Chase Cunningham
Zero Trust Segmentation

5 Must-Know Insights from Zero Trust Pioneer Chase Cunningham

Chase Cunningham, also known as Dr. Zero Trust, shares his thoughts in this Zero Trust Leadership Podcast episode.

9 Reasons Why Healthcare Providers Should Implement Zero Trust Segmentation
Zero Trust Segmentation

9 Reasons Why Healthcare Providers Should Implement Zero Trust Segmentation

Explore the benefits of Zero Trust Segmentation for your healthcare organization.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?