Top Cybersecurity News Stories From July 2024
We're halfway through 2024, and we've already seen many breaches and ransomware attacks. Unlike in the past, these attacks are hitting not just organizations but also regular people.
Security teams are facing more pressure than ever to find better ways to stay strong and protect their operations. Governments and regulatory agencies are starting to see that we need stronger security measures to keep our digital world safe.
This month’s news features insights from cybersecurity experts on:
- How a new LockBit ransomware attack showed security risks in the fintech industry
- The new Cyber Security and Resilience Bill that aims to strengthen the UK’s important infrastructure
- What the US government can do to attract more cybersecurity talent
LockBit ransomware attacks fintech industry
LockBit, a well-known ransomware group, recently attacked a major fintech company. Louis Columbus wrote about the breach and its impact on the industry in his VentureBeat article, LockBit’s latest attack shows why fintech needs more zero trust.
LockBit hacked the fintech company on June 26 using a phishing email. The company decided not to pay the ransom, so LockBit dumped 33 terabytes of data onto the dark web. This included personal information like names, Social Security numbers, and account details. The company also had to temporarily stop its online banking services.
The breach had major effects on the company’s clients. Big names in the banking and finance sector had to warn their customers about potential fraud and deal with system outages.
“The ransomware attack shows how an at-risk organization can put the entire fintech ecosystem at risk,” Columbus said.
LockBit’s attack shows the need for stronger cybersecurity in fintech. Ransomware groups create chaos to demand higher ransoms. Even though there have been crackdowns, like Operation Cronos, which disrupted LockBit’s operations, the group keeps finding new victims.
Columbus thinks that taking trust out of tech systems is crucial for lowering risk and becoming stronger. He spoke with John Kindervag, the creator of Zero Trust and Illumio’s Chief Evangelist, about why it’s important to use least-privilege access and replace old security systems.
“You don’t start at a technology,” Kindervag explained, “and that’s the misunderstanding of this. You start with a protective surface and then you figure out.”
In other words, organizations need to create security plans that lower trust levels. They can do this by following basic cyber hygiene or by changing their security technology. This way, the next LockBit attack doesn’t have to seriously damage another fintech company’s operations – it can be a small problem that a strong organization handles quickly.
Could a new Cyber Security and Resilience Bill strengthen UK cyber defenses?
Alex Scroxton reported on a new UK Cyber Security and Resilience Bill that was introduced at the King’s Speech at the State Opening of Parliament. In his Computer Weekly article, UK Cyber Bill teases mandatory ransomware reporting, he explains that the bill aims to protect digital services and make ransomware reporting mandatory.
The current UK cyber laws are based on older European Union regulations that need updating. The UK government is starting to realize that essential services and critical national infrastructure, like the NHS and the Ministry of Defence, are vulnerable to cyberattacks.
Cyber experts praise the government's commitment to cybersecurity, but some warn that increased regulation will only work if there is more funding for public bodies.
Scroxton spoke with Illumio’s Director of Critical Infrastructure, Trevor Dearing, about the topic. “Increased powers for regulators and reporting will be critical for building cyber resilience. However, regulation will only be successful if accompanied with additional funding for public bodies. Otherwise, all that will happen is that regulations create an unrealistic goal that is cost-prohibitive to implement.”
Dearing also emphasized the need for strong supply chain security. “Third-party providers form the lifeblood for government departments. Cyber criminals will always go after the weakest link in the chain to gain access to more valuable system.”
Overall, the industry agrees that updated cybersecurity rules are a good thing and will help keep important national infrastructure safe from cyberattacks.
The US government needs to recruit more cyber talent
In the past year, there have been many more cyberattacks on important systems, like the US Department of Health and Human Services (HHS). Even with the increase in attacks, there's still a shortage of cyber professionals to handle them.
Gary Barlet, principal federal solutions architect at Illumio, talks about this issue and offers some solutions in his new Dark Reading article, The Need to Recruit Cyber Talent in the Government.
Barlet says that 71% of organizations have open cybersecurity jobs because of outdated training, expensive certifications, and the idea that the industry is hard to get into. This has created a big gap in the cybersecurity workforce that needs to be fixed to protect national security.
This is a big problem in the US federal government, where agencies have trouble competing with private companies for top cyber talent. Barlet mentioned that government agencies often can’t offer competitive salaries, benefits, or the chance to work with the newest technology.
“The federal government remains woefully underprepared,” Barlet explained.
So, what can the government do to help? Barlet says the government needs to offer incentives and be creative in how it recruits and encourages talent. “The government will not close the cybersecurity talent gap until it provides incentives that compel prospective employees to transfer their skills from the private sector to positions with federal agencies,” he said.
Barlet suggests offering immediate, short-term perks to attract talent, like remote working options, loan forgiveness, tax credits, and matching contributions to Thrift Savings Plans (TSP). He also thinks government partnerships with the private sector can provide great learning experiences. Barlet mentioned programs like the Air Force's Education with Industry (EWI), which gives hands-on learning with the latest technologies and best practices.
“The threat to our nation has never been higher,” Barlet said. “The government must become more proactive and purposeful in how it recruits cybersecurity talent if it's going to level the cyber battlefield.”