/
Cyber Resilience

Zero Trust Security, “Assume Breach” Mindset, and the UK’s Data Reform Bill

While 90 percent of organizations plan to prioritize a Zero Trust security strategy in 2022, staggeringly few believe they’ll experience a breach. But the combination of pervasive cyberattacks and increasingly dispersed, perimeter-less networks means that it’s nearly guaranteed organizations will be attacked and breached.

This gap between Zero Trust adoption and commitment to Zero Trust’s “assume breach” mindset leaves many organizations vulnerable — and was the focus of this month’s cybersecurity news.

“Assume breach” mentality prepares for inevitable cyberattacks

It’s only a matter of time before an organization becomes the victim of a cyberattack. Breaches are inevitable — and they can have devastating financial consequences for organizations that don’t have a mitigation plan in place. Andrew Rubin, Illumio’s CEO and co-founder, addressed this new security paradigm in a Financial Times’ article this month, Cyber Attackers: If You Can’t Stop Them, Disrupt Them.

Rubin explains in the article how the dispersed, hybrid nature of today’s networks leaves organizations increasingly vulnerable to breaches. Sophisticated cyberattacks like the SolarWinds hack shows that organizations need to focus on mitigating cyber risk rather than trying to thwart all possible intrusions to the network.

“The ransomware problem has become so pervasive,” Rubin said. “It proves to everybody that you’re going to get hit almost no matter what, which is not a failure of your cyber strategy, it just means that you have to evolve your cyber strategy to both detect, as well as stop, the spread.”

In addition to layers of detection and visibility, the article highlights that one of the best ways to stop the spread of an attack is with Zero Trust Segmentation. It divides a network into smaller parts so when attackers infiltrate a network, security teams can quickly quarantine the attack. 

From a financial standpoint, the article warned that organizations must prepare for potentially devastating breaches as part of their corporate risk management process. Adopting new security defenses can help slow down and isolate attackers when stopping them completely is impossible.

Zero Trust is the cybersecurity standard

VentureBeat’s article, Everything You Need to Know About Zero-Trust Architecture, highlighted the value of Zero Trust architecture in helping protect against today’s increasing cyberattacks.

The article explains the ways cybersecurity has changed in the last few years. With more employees working remotely and more organizations migrating to the cloud, networks are becoming increasingly perimeter-less. According to VentureBeat, this means that traditional security tools alone can’t prepare organizations for managing today’s inevitable cyberattacks

And while VentureBeat names Zero Trust as one of the best ways to address the need for new solutions to new attacks, they also acknowledge that it has become a bit of a buzzword with an ambiguous definition. The article notes that Zero Trust isn’t a product or advertising pitch but, rather, a philosophy built for managing modern security problems.

A Zero Trust framework assumes all IT environments have vulnerabilities that cyberattackers will eventually find. To address this, the article explains how a Zero Trust philosophy focuses on improving visibility across all environments and segmenting the network to stop the spread of cyberattackers who can abuse automatic trust to gain access to business-critical information.

With many organizations’ networks growing in complexity by the day, segmenting the network can sound daunting. However, VentureBeat names Illumio as a solution that can help automate the implementation of Zero Trust Segmentation. This means creating security policies that are both effective and pragmatic. A Zero Trust architecture can be readily put into practice to protect organizations from cyberattacks coming their way.

Nearly half of security leaders think they won’t be breached

Though 90 percent of security leaders are prioritizing Zero Trust strategies this year, 47 percent say they don’t think they’ll be breached. To gain insight into these trends from ESG’s Zero Trust Impact ReportChannelBuzz spoke with PJ Kirner, Illumio’s CTO and co-founder. The statistics contradict the central tenets of Zero Trust: always assume breaches are inevitable and that attackers may already have access to the network.

“We started Illumio with these principles in mind 10 years ago and sometimes we think that people fully understand them, but that 47 percent data point suggests that isn’t the case,” Kirner said.

Kirner noted that, in some cases, he thinks this number is simply a result of executives thinking they don’t have the kind of data that is valuable enough to steal.

“Their focus is really on protecting their crown jewels,” he said. “However, Zero Trust requires customers always assume that a breach has taken place and that attackers are inside. This group believes in Zero Trust, but I don’t think they buy into the ‘assume the breach’ part yet.”

Yet, ESG’s report found that 76 percent of organizations surveyed have been attacked by ransomware, and 66 percent have experienced at least one software supply chain attack. Cyberattacks are occurring at a much higher frequency than ever before, and Kirner explained that organizations must have a security plan in place.

The good news? The report also reflected that Zero Trust Segmentation has developed a quantifiable business impact, with 81 percent of security leaders believing Zero Trust Segmentation should be part of their core Zero Trust strategy.

ESG’s survey found that Zero Trust Segmentation allows organizations to save an average of $20.1 million in application downtown, avert five cyber disasters per year, and accelerate 14 more digital and cloud transformation projects over the next year.

“The fact that people believe segmentation is a core pillar of Zero Trust is an important one for us, because it validates what we are doing,” Kirner said.

New UK Data Reform Bill

Illumio’s Adam Brady, director of systems engineering, wrote for IT Supply Chain about the UK’s new Data Reform Bill. The bill details the UK’s plan to replace the current General Data Protection Regulation (GDRP), which governs the processing of personal data from individuals inside the UK.

The article highlights the UK government’s ongoing debates over cybersecurity regulations which reflect a broader trend of governments taking more proactive measures to develop better cyber defenses across public and private organizations.

Compared to the current GDPR, Brady outlines how the Data Reform Bill will have more flexible and less stringent data protection laws. He noted that the UK should expect some drawbacks from more lenient protection laws, but he outlined a few benefits of the bill’s increased flexibility compared to the GDRP.

According to Brady, the new bill will offer additional agility in business processes and a reduction in administrative overhead due to relaxed compliance regulations. In addition, the more flexible handling of personal data compared to the current GDRP will likely attract tech, retail, and other businesses to the UK. It will especially benefit small businesses, who will be able to spend less time and money on ensuring data privacy and compliance.

While the new bill will help ensure data handling controls don’t get in the way of commerce, Brady said the bill lacks similar guidelines for cyberattacks. Government regulations should ensure that organizations are prepared to manage inevitable breaches to the network — and the resulting effect on commerce and supply chains. Brady asserted that the UK’s cybersecurity rules should match other similar government directives which recommend a Zero Trust security approach for defending against today’s sophisticated cyberattacks.

Illumio wins industry awards

To cap off the month, the Remote Tech Breakthrough Awards honored Illumio with the Remote Work Security Company of the Year award as part of their Leadership category.

Since 2020, Illumio has launched two products, Illumio CloudSecure and Illumio Edge, while fully remote. Both products cater to the unique cybersecurity challenges presented to companies by the global pandemic for securing the cloud and remote workers’ devices.

In 2021, Illumio won the Overall Remote Work Security Solution of the Year in the Remote Tech Breakthrough Awards.

This month, Illumio also won the Publisher’s Choice Zero Trust Award from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. This award highlights the importance of Zero Trust Segmentation in preventing breaches from becoming cyber disasters.

To learn more about what makes Illumio a leader in Zero Trust Segmentation:

Related topics

No items found.

Related articles

Take Me to Your Domain Controller: How Attackers Move Laterally Through Your Environment
Cyber Resilience

Take Me to Your Domain Controller: How Attackers Move Laterally Through Your Environment

In the first part of this blog series, we saw different ways a threat actor can carry out the Discovery phase of the ATT&CK framework to gain a lay of the land after an initial infection.

Cybersecurity Is Our Greatest National Resilience Imperative
Cyber Resilience

Cybersecurity Is Our Greatest National Resilience Imperative

With an increased focus on upping production, manufacturing and distribution, cybersecurity and securing critical infrastructure are paramount to that success.

Data Center and Cloud Security — Why We Need a Revolution
Cyber Resilience

Data Center and Cloud Security — Why We Need a Revolution

Revolutions happen for good reason. They’re the result of a divergence of expectations and reality causing pent-up frustration that pushes the need for change. Old ways no longer align with new requirements and pressure reaches a boiling point where there is no other option but to make that change.

No items found.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?