We’re nearly halfway through 2022, and cyberattacks continue to dominate headlines and our collective headspaces. We need to be thinking, ‘if not yet, when’? It’s more important than ever for security leaders to adopt a Zero Trust mindset and build resilience to threats and inevitable attacks.
But nearly 1 in 2 security professionals (47%) don’t think they’ll be breached in the first place, according to the just-released Enterprise Strategy Group (ESG) research in the Zero Trust Impact Report. I find this to be one of the more sobering findings from the global survey of 1,000 IT and security professionals.
Reassuringly, ESG’s research also reveals positive trends and approaches to Zero Trust initiatives — specifically, the adoption of Zero Trust Segmentation, a critical pillar of any organization’s Zero Trust strategy.
In this video, I share a quick overview of some of the report highlights.
Today, I wanted to focus on a few key takeaways and insights that can help inform your organization’s Zero Trust and segmentation strategies, from justification to validation.
1. Ransomware reigns: 76% report at least one ransomware attack in the past 24 months
This shouldn’t be news to anyone. Ransomware is our greatest threat today and will continue to wreak havoc until Zero Trust practices that prevent breaches from spreading across a network become the norm.
Ransomware and cyberattacks have been a costly reality for the 76% of respondents that suffered a ransomware attack and 66% that experienced at least one supply chain attack over the past two years. The average ransom payment made following an attack was $495,000. Additionally, 43% of respondents reported the average cost of downtime of a business-critical application due to a cyberattack to be $251,000 per hour.
What’s more, more than half of these organizations (52%) indicated that they believe a cyberattack is likely to be a disaster for their organization.
These findings reveal that security leaders need to turn their focus to investing in cyber resilience and embracing a Zero Trust approach.
This is especially so in the ever more hyperconnected world we exist in — digital transformation efforts are just one driver behind this explosion in connectivity. The old maxim of “trust but verify” is not only dated but illogical as organizations can no longer reasonably assign implicit trust to their devices, users, applications and other assets.
2. Zero Trust adoption is on the rise: 90% say advancing Zero Trust is a top 3 security priority
At its core, the Zero Trust model emphasizes an “assume breach” mindset: assuming an adversary is likely already inside your perimeter and acknowledging breaches as unavoidable. While nearly half of respondents haven’t fully embraced this mindset or built the cyber resilience to deal with the inevitability of an attack, the good news is that the importance of Zero Trust is not lost on them.
In fact, 9 in 10 respondents recognize Zero Trust as a critical security initiative and say advancing their Zero Trust efforts is a top-three priority. This is a promising indication that progress will be made toward turning discussions into action plans.
But as ESG notes, “Because Zero Trust is a broad initiative touching on a variety of disciplines, many tools have become associated with the strategy … everything seems to be important, organizations can struggle to prioritize and focus on the appropriate areas.”
Many organizations face this challenge: not knowing where to focus or how to move forward in the Zero Trust journey. A good place to start is visualizing the dependencies across your business-critical assets and applications. You must understand where the connections and risks lie in your environment. Then determine which assets need better protection before implementing Zero Trust controls and least-privilege access to protect them from the spread of breaches.
This is why Zero Trust Segmentation is foundational to any Zero Trust strategy. It is the control that limits how far an attack can progress. Good segmentation is essential to effective containment — which is fundamental to improved resilience.
3. Zero Trust Segmentation is key: avoid 5 cyber disasters, save $20.1M in app downtime, execute 14 more digital transformation projects
Zero Trust Segmentation is a modern approach to stop breaches from spreading across hybrid IT, from the cloud to the data center. ESG’s research highlights a legion of achievable benefits of this approach and technology.
Most importantly, the findings show that advancing Zero Trust Segmentation implementations is a proven way to bolster cyber resilience, improve operational efficiency, and accelerate cloud adoption. Organizations that have done so are classified as “Pioneers” in the report.
Pioneers in adopting Zero Trust Segmentation are:
- More than twice as likely to feel prepared to handle ransomware and cyberattacks. And they report being able to avert 5 cyber disasters annually. They’re also 2.4 times more likely to rate their Zero Trust initiative as very successful. This confidence can be attributed to improved visibility, containment, and isolation capabilities.
- With higher security confidence comes more opportunities for transformation: organizations report 14 more digital and cloud transformation projects over the next year. Zero Trust Segmentation efficiencies also translate to freeing up 39 person-hours per week.
- 2x more likely to have avoided critical outages due to attacks over the last 24 months. In the case of an incident, Zero Trust Segmentation capabilities helped them achieve a 68% faster mean time to recovery (MTTR). All in, these organizations save $20.1 million in annual application downtime costs.
Zero Trust Impact Report: Get Your Copy
Read the full report for more in-depth findings and research insights on the undeniable value of Zero Trust Segmentation.