Top Cybersecurity News Stories From December 2023
With 2024 just ahead, organizations are looking more closely at the challenges they’ve faced in the past year and how to overcome them, whether that’s resource constraints, spending, or improving strategies.
This month’s news featured insights from cybersecurity experts and thought leaders who spoke to these topics, including:
- How to adjust strategies and share responsibility for cloud security amidst a cybersecurity skills gap
- Why cyber resilience is tied to quick wins and ROI on cybersecurity investments
- Why security leaders are turning to Zero Trust Segmentation to solve cloud security gaps
Are security skills gaps affecting your cloud security?
For the cybersecurity industry, talent shortage has been an ongoing issue rather than a passing trend — and unfortunately, it can have significant repercussions for organizations’ security, particularly in the cloud. Sudha Iyer, VP of Product Management at Illumio, wrote for SC Media on the topic: Don’t let the IT skills gap hold back cloud security.
Iyer addresses some key trends in the cloud that are impacting cloud security:
- Cloud adoption is growing fast, and organizations are increasingly relying on the cloud to run critical systems and store critical data. This raises the risk of cloud misconfigurations as teams face pressure to scale quickly.
- Cloud environments are characterized by quick changes as workloads spin up and down.
Both of these are making security risk in the cloud increase exponentially. In fact, a recent Vanson Bourne report found that nearly half of all breaches originated in the cloud in the last year.
Compounding these challenges are IT security staffing shortages. Iyer cites a World Economic Forum report that shows a 3.4 million gap in cybersecurity professionals. While this ongoing issue poses a serious challenge for security, Iyer urges organizations to not use it as an excuse for ineffective cloud security outcomes.
“The persistent IT talent shortage should not dictate the outcomes of the organization’s cloud security efforts,” she said.
Instead, Iyer recommends they adjust security strategies and foster a shared responsibility for cloud security across the entire organization.
“In this new threat landscape, the security team can no longer protect an organization’s cloud infrastructure alone,” she explained. “Cloud security and building resilience from the get-go must become everyone’s responsibility.”
Iyer advocates for a more proactive approach to securing cloud infrastructure, emphasizing risk management over attempting to eliminate every potential vulnerability. Her recommendations include:
- Implementing proactive measures such as conducting tabletop exercises to raise awareness and regularly performing penetration tests to identify vulnerabilities.
- Requiring continuous employee education and training sessions to make everyone in the organization an extension of the security team.
She also highlights the importance of Zero Trust Segmentation (ZTS), also called microsegmentation, which should be a foundational part of any organization’s security strategy. ZTS involves logically dividing data centers and cloud environments into smaller, isolated zones to automatically contain attacks, prevent threats from spreading, and minimize the risk of unauthorized access. ZTS offers security teams the efficiency and quick wins they need in the face of resource constraints.
“While the IT talent shortage has become the status quo, with the right strategies and shared efforts, organizations don’t have to live with poor cloud security outcomes,” Iyer concluded.
Quick security ROI leads to better cyber resilience
In his Federal News Network article, Gary Barlet, Federal Field CTO at Illumio, posed this question: How can agencies adopting cyber resilience not only make smarter cyber investments but also ones that help them realize a greater ROI on existing investments?
The question arose from a statement by Kemba Walden, the Acting National Cyber Director in the Office of the National Cyber Director: “The success of the national cybersecurity strategy will be measured in part by the way companies get a return on their investment in building resilience.”
Barlet advocates for a back-to-basics approach. Organizations both in the public and private sectors must excel in fundamental cybersecurity practices. For Barlet, this comes down to:
- Identifying vulnerabilities
- Ensuring cross-functional visibility
- Safeguarding critical assets
Each of these helps lay the groundwork for better cybersecurity investments, enabling agencies to maximize ROI.
Barlet also highlights Zero Trust as the key security strategy for building resilience and ROI: “The Biden Administration’s May 2021 Executive Order on Improving the Nation’s Cybersecurity made it clear that Zero Trust is the new cybersecurity standard.”
Zero Trust encourages organizations to move away from traditional perimeter-based security approaches toward the acknowledgement that breaches are inevitable in today’s hybrid, hyperconnected digital landscape. It also helps achieve quick wins that lead to significant security progress and ROI, says Barlet.
He recommends organizations start with quick wins like segmenting critical assets, implementing dynamic network rules, and maintaining visibility into network communications. He also encourages teams to leverage pre-existing technology investments, such as Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), alongside foundational Zero Trust technologies like Zero Trust Segmentation (ZTS).
“As Zero Trust increasingly becomes the norm, especially in Fed, not only can we expect to see more resilience, but a greater ROI in cybersecurity overall,” Barlet explained.
93 percent of security leaders say Zero Trust Segmentation is essential to cloud security
Last month, Vanson Bourne released new research on the state of cloud security in the Cloud Security Index 2023. Its findings were a worrying glimpse into the challenges and shortcomings organizations are facing when it comes to securing cloud environments.
Two Illumio security experts, John Kindervag, Creator of Zero Trust and Chief Evangelist at Illumio, and Raghu Nandakumara, Senior Director of Solutions Marketing at Illumio, shared the report’s findings this month:
- The Australian: Get your head out of the clouds, security breaches ‘inevitable’
- Help Net Security: Why zero-trust segmentation is critical for cloud resilience
- The Cloud Architects Podcast: Episode 82: All bad things happen inside the allow rule
- iTWire: Illumio explains how Zero Trust Segmentation is the key to cloud security
The report found that, of the 1,600 security decision-makers surveyed from public and private sector organizations across nine countries, nearly all of them (99 percent) are using cloud-based services. For most organizations, it’s an essential tool to scale at speed and offers many benefits to employees, customers, and the bottom line.
But this rapid cloud adoption is leaving security gaps: 47 percent of breaches in the last year at surveyed organizations originated in the cloud. Vanson Bourne identified three cloud weaknesses attackers are exploiting most often: complexity of applications and workloads, diversity and number of cloud services, and the use of traditional on-premises tools that don’t provide the visibility, confidence, efficiency, or resilience organizations need.
Decision makers are increasingly aware of the security gap in the cloud. 63 percent say their organization’s cloud security isn’t prepared for cyberattacks. This comes down to issues with incomplete network visibility, slow reaction time to breaches, and heavy workloads for security teams.
The solution? Almost all (93 percent) of security leaders surveyed said Zero Trust Segmentation (ZTS) is critical to their cloud security strategy, and all leaders said their organizations could stand to benefit from ZTS implementation.
If your organization is in the cloud, it needs to be resilient against the next inevitable cyberattack. The best way to achieve cyber resilience is through adopting a Zero Trust security strategy based on a “never trust, always verify” mindset.
Zero Trust Segmentation (ZTS) is a key pillar of Zero Trust — you can't achieve Zero Trust without it.
Unlike traditional prevention and detection technologies, ZTS provides a consistent approach to microsegmentation across the hybrid attack surface. This allows your organization to visualize workload connectivity, set granular security policy, and contain attacks across the cloud, endpoints, and on-premises data centers.
Illumio CloudSecure helps organizations extend ZTS to their public cloud environments. With CloudSecure, security teams can:
- Visualize cloud workload connectivity
- Apply proactive segmentation controls
- Proactively contain attacks on applications and workloads in their public cloud environments, across servers, virtual machines, containers, and serverless computing
By extending ZTS to the cloud, security teams can be confident that inevitable cloud attacks will be stopped and contained at their source.
Contact us today for a free demo and consultation of Illumio ZTS.