Illumio discovered that zero trust architecture has become the standard in cybersecurity. How can your organization best adopt this architecture?
Cybersecurity company Illumio as part of their “Zero Trust Impact Reportfound that leaders using a zero trust architecture thwart five major cyberattacks a year, saving their organizations an average of $20 million annually. Of the 1,000 IT and security professionals surveyed in eight countries, 47% said they do not believe they will be breached, despite increasingly sophisticated and frequent attacks as a result of their use of the security framework.
“Catastrophic breaches continue despite another year of record cybersecurity spending,” said PJ Kirner, co-founder and CTO of Illumio. “I’m shocked that nearly half of those surveyed in The Zero Trust Impact Report don’t think a breach is inevitable, which is the guiding principle for Zero Trust, but I’m encouraged by the hard business results Zero Trust and Segmentation are delivering. “
Zero trust principles become the standard
Despite the number of attacks on the rise, the majority of security leaders surveyed still strongly believe that they are in no danger of being victimized. In the past two years, 76% of organizations surveyed said they have been the target of a ransomware attack, and 66% have experienced at least one attack on the software supply chain. While these numbers continue to grow, IT decision makers believe that: zero trust security is not only the right path, but also a pillar in the security frameworks for the future.
TO SEE: Top 5 Things to Know About Zero-Trust Security (TechRepublic)
Nearly all (90%) of those surveyed say promoting zero trust strategies is one of their top three security priorities this year to improve their organization’s preparedness in the event of a cyber-attack and the impact that attacks can and would have to reduce their business.
“Money won’t solve the problem until security leaders move beyond the legacy approach and focus only on detection and perimeter security,” Kirner said. “Zero Trust Segmentation is emerging as a true market category that is transforming business operations and strengthening cyber resilience.”
Zero trust segmentation has also become imperative within the security architecture, as three-quarters of segmentation pioneers believe purpose-built segmentation tools are essential for zero trust, and 81 percent say segmentation is a key technology for zero trust. Segmentation is a modern approach to stopping breaches before they spread across multiple facets of a business, such as the cloud to the data center.
TO SEE: No trust: the good, the bad and the ugly (TechRepublic)
Adopting a zero trust architecture
Of attacks on the software supply chain (48%), zero day exploits (46%) and ransomware attacks (44%) representing the top three threats respondents fear, it is critical that companies adopt these cybersecurity principles. An important point for companies is the ‘assuming an infringement’ mentality. In this mindset, if companies already believe their systems or devices have been compromised, it has been proven to reduce the risk of an actual attack. With 52% of security teams responding that their organizations are ill-prepared to withstand cyber-attacks and 30% say an attack is likely to end in disaster, it’s critical that enterprises do everything they can to stay secure.
Zero trust segmentation is another principle used to reduce the risk associated with cyber attacks. Users who are well versed in segmentation are almost twice as likely to prevent compromises from spreading to other systems (81% to 45%) than users who do not engage in segmentation.
The three Illumio actions companies should consider when implementing zero trust segmentation are:
- Visibility
- inclusion
- Protection
Visibility is the process of understanding why a system has been breached by looking at all application types, locations, and endpoints. The ability to contain the threat in question is the next step, preventing attacks and the cyber criminals behind them from infecting systems before they spread. Finally, moving from a proactive approach to protection to a reactive approach can save businesses a lot of headaches and money in the long run.
By following these principles and applying this form of security, companies can actively look at how best to protect themselves instead of trying to mitigate the effects of a cyber attack after it has already happened.