Zero Trust Security, mentalidade de “Assumir violação” e o projeto de reforma de dados do Reino Unido

While 90 percent of organizations plan to prioritize a Zero Trust security strategy in 2022, staggeringly few believe they’ll experience a breach. But the combination of pervasive cyberattacks and increasingly dispersed, perimeter-less networks means that it’s nearly guaranteed organizations will be attacked and breached.

This gap between Zero Trust adoption and commitment to Zero Trust’s “assume breach” mindset leaves many organizations vulnerable — and was the focus of this month’s cybersecurity news.

A mentalidade de “supor uma violação” se prepara para ataques cibernéticos inevitáveis

It’s only a matter of time before an organization becomes the victim of a cyberattack. Breaches are inevitable — and they can have devastating financial consequences for organizations that don’t have a mitigation plan in place. Andrew Rubin, Illumio’s CEO and co-founder, addressed this new security paradigm in a Financial Times’ article this month, Cyber Attackers: If You Can’t Stop Them, Disrupt Them.

Rubin explains in the article how the dispersed, hybrid nature of today’s networks leaves organizations increasingly vulnerable to breaches. Sophisticated cyberattacks like the SolarWinds hack shows that organizations need to focus on mitigating cyber risk rather than trying to thwart all possible intrusions to the network.

“The ransomware problem has become so pervasive,” Rubin said. “It proves to everybody that you’re going to get hit almost no matter what, which is not a failure of your cyber strategy, it just means that you have to evolve your cyber strategy to both detect, as well as stop, the spread.”

Além das camadas de detecção e visibilidade, o artigo destaca que uma das melhores maneiras de impedir a propagação de um ataque é com a segmentação Zero Trust. Ele divide uma rede em partes menores para que, quando os invasores se infiltram em uma rede, as equipes de segurança possam rapidamente colocar o ataque em quarentena. 

Do ponto de vista financeiro, o artigo alertou que as organizações devem se preparar para violações potencialmente devastadoras como parte do processo corporativo de gerenciamento de riscos. A adoção de novas defesas de segurança pode ajudar a desacelerar e isolar os atacantes quando é impossível detê-los completamente.

Zero Trust é o padrão de segurança cibernética

VentureBeat’s article, Everything You Need to Know About Zero-Trust Architecture, highlighted the value of Zero Trust architecture in helping protect against today’s increasing cyberattacks.

The article explains the ways cybersecurity has changed in the last few years. With more employees working remotely and more organizations migrating to the cloud, networks are becoming increasingly perimeter-less. According to VentureBeat, this means that traditional security tools alone can’t prepare organizations for managing today’s inevitable cyberattacks

And while VentureBeat names Zero Trust as one of the best ways to address the need for new solutions to new attacks, they also acknowledge that it has become a bit of a buzzword with an ambiguous definition. The article notes that Zero Trust isn’t a product or advertising pitch but, rather, a philosophy built for managing modern security problems.

Uma estrutura Zero Trust pressupõe que todos os ambientes de TI tenham vulnerabilidades que os ciberatacantes eventualmente encontrarão. Para resolver isso, o artigo explica como a filosofia Zero Trust se concentra em melhorar a visibilidade em todos os ambientes e segmentar a rede para impedir a disseminação de ciberatacantes que podem abusar da confiança automática para obter acesso a informações críticas para os negócios.

With many organizations’ networks growing in complexity by the day, segmenting the network can sound daunting. However, VentureBeat names Illumio as a solution that can help automate the implementation of Zero Trust Segmentation. This means creating security policies that are both effective and pragmatic. A Zero Trust architecture can be readily put into practice to protect organizations from cyberattacks coming their way.

Quase metade dos líderes de segurança acham que não serão violados

Though 90 percent of security leaders are prioritizing Zero Trust strategies this year, 47 percent say they don’t think they’ll be breached. To gain insight into these trends from ESG’s Zero Trust Impact Report, ChannelBuzz spoke with PJ Kirner, Illumio’s CTO and co-founder. The statistics contradict the central tenets of Zero Trust: always assume breaches are inevitable and that attackers may already have access to the network.

“Começamos a Illumio com esses princípios em mente há 10 anos e às vezes achamos que as pessoas os entendem completamente, mas esses dados de 47% sugerem que esse não é o caso”, disse Kirner.

Kirner observou que, em alguns casos, ele acha que esse número é simplesmente o resultado de executivos pensarem que não têm o tipo de dados que são valiosos o suficiente para serem roubados.

“Their focus is really on protecting their crown jewels,” he said. “However, Zero Trust requires customers always assume that a breach has taken place and that attackers are inside. This group believes in Zero Trust, but I don’t think they buy into the ‘assume the breach’ part yet.”

Yet, ESG’s report found that 76 percent of organizations surveyed have been attacked by ransomware, and 66 percent have experienced at least one software supply chain attack. Cyberattacks are occurring at a much higher frequency than ever before, and Kirner explained that organizations must have a security plan in place.

The good news? The report also reflected that Zero Trust Segmentation has developed a quantifiable business impact, with 81 percent of security leaders believing Zero Trust Segmentation should be part of their core Zero Trust strategy.

A pesquisa do ESG descobriu que a segmentação Zero Trust permite que as organizações economizem uma média de 20,1 milhões de dólares em aplicativos no centro da cidade, evitem cinco desastres cibernéticos por ano e acelerem mais 14 projetos de transformação digital e em nuvem no próximo ano.

“O fato de as pessoas acreditarem que a segmentação é um pilar central do Zero Trust é importante para nós, porque valida o que estamos fazendo”, disse Kirner.

Novo projeto de reforma de dados do Reino Unido

Illumio’s Adam Brady, director of systems engineering, wrote for IT Supply Chain about the UK’s new Data Reform Bill. The bill details the UK’s plan to replace the current General Data Protection Regulation (GDRP), which governs the processing of personal data from individuals inside the UK.

The article highlights the UK government’s ongoing debates over cybersecurity regulations which reflect a broader trend of governments taking more proactive measures to develop better cyber defenses across public and private organizations.

Em comparação com o GDPR atual, Brady descreve como o Projeto de Reforma de Dados terá leis de proteção de dados mais flexíveis e menos rigorosas. Ele observou que o Reino Unido deve esperar algumas desvantagens de leis de proteção mais brandas, mas descreveu alguns benefícios da maior flexibilidade do projeto de lei em comparação com o GDRP.

De acordo com Brady, o novo projeto de lei oferecerá agilidade adicional nos processos de negócios e uma redução na sobrecarga administrativa devido à flexibilização das regulamentações de conformidade. Além disso, o tratamento mais flexível de dados pessoais em comparação com o GDRP atual provavelmente atrairá empresas de tecnologia, varejo e outras empresas para o Reino Unido. Isso beneficiará especialmente as pequenas empresas, que poderão gastar menos tempo e dinheiro garantindo a privacidade e a conformidade dos dados.

While the new bill will help ensure data handling controls don’t get in the way of commerce, Brady said the bill lacks similar guidelines for cyberattacks. Government regulations should ensure that organizations are prepared to manage inevitable breaches to the network — and the resulting effect on commerce and supply chains. Brady asserted that the UK’s cybersecurity rules should match other similar government directives which recommend a Zero Trust security approach for defending against today’s sophisticated cyberattacks.

Illumio ganha prêmios do setor

To cap off the month, the Remote Tech Breakthrough Awards honored Illumio with the Remote Work Security Company of the Year award as part of their Leadership category.

Desde 2020, a Illumio lançou dois produtos, Illumio CloudSecure e Illumio Edge, embora totalmente remotos. Ambos os produtos atendem aos desafios exclusivos de segurança cibernética apresentados às empresas pela pandemia global para proteger a nuvem e os dispositivos dos trabalhadores remotos.

Em 2021, a Illumio ganhou a Solução Geral de Segurança de Trabalho Remoto do Ano no Remote Tech Breakthrough Awards.

This month, Illumio also won the Publisher’s Choice Zero Trust Award from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. This award highlights the importance of Zero Trust Segmentation in preventing breaches from becoming cyber disasters.

Para saber mais sobre o que faz da Illumio uma líder na segmentação Zero Trust:

• Download the Forrester Wave reports naming Illumio a Leader in both Zero Trust and microsegmentation. 
• Read how Illumio helped a global law firm stop a ransomware attack. 
• Contact us today to schedule a consultation and demonstration.