Top Cybersecurity News Stories From May 2024
Today's cyber threats are making traditional security methods and tools less effective. The growth of hybrid, multi-cloud environments, mobile devices, and IoT has widened the attack surface. This has resulted in more advanced cyber threats.
All of this change requires a shift to more flexible and responsive security strategies, with Zero Trust leading the way.
This month's news includes insights from cybersecurity experts on:
- Solving the ransomware problem
- The new Illumio ZTS + Netskope ZTNA joint solution
- John Kindervag debunks four Zero Trust myths
Ransomware: The biggest problem in cybersecurity
At this year’s RSA Conference, Dave DeWalt, founder and Managing Director at NightDragon, partnered with NASDAQ to sit down with Andrew Rubin, cofounder and CEO at Illumio. The two discussed the effect that the ever-growing ransomware threat has had on cybersecurity in recent years. Watch their full discussion below.
In the last few years, ransomware attacks have hit 76% of organizations, according to Illumio's Zero Trust Impact Report. Rubin sees ransomware as one of the first types of cyberattacks that illustrates today’s new cyber mindset.
“Cybersecurity is no longer a game of perfection; we can’t stay safe all the time,” he said. “A big part of the cyber mindset is simply accepting that can't eliminate risk, but we can reduce it.”
Ransomware is so effective because it’s designed to spread. “Ransomware is indiscriminate – it’ll go after a school or a hospital as quickly as a bank or a government,” Rubin explained. “It’ll land anywhere that it can find a home. And once it finds that home, its job is to spread where it can as quickly as possible.”
Organizations need a new approach beyond the traditional prevention model. Rubin says CISOs and their security teams now have two main tasks. First, they must stay safe as much as possible. Second, when a breach happens, they need to stop a small security incident from becoming a disaster.
Rubin believes Zero Trust Segmentation (ZTS) is key to this kind of cyber resilience. ZTS is a core part of any Zero Trust strategy. It offers a consistent way to do microsegmentation across hybrid, multi-cloud environments. It's easier and more effective than using old, static firewalls. Technologies like the Illumio ZTS Platform help organizations see and reduce security risks in their cloud, endpoint, and data center environments.
ZTS aims to stop ransomware attacks from spreading. For Rubin, this is crucial for staying strong in today's fast-changing threat landscape.
Build consistent Zero Trust with Illumio ZTS + Netskope ZTNA
This month, SDxCentral’s Nancy Liu spotlighted the new joint solution that combines Illumio Zero Trust Segmentation with Netskope ZTNA in her article, How Illumio microsegmentation and Netskope ZTNA integration ‘gets zero trust covered’.
Liu referenced Gartner research showing that the collaboration between Illumio and Netskope positions them as leaders in cybersecurity. The 2023 Gartner Market Guide for Zero Trust Network Access noted that ZTNA is being widely adopted by large and mid-sized organizations. Additionally, the 2023 Gartner Market Guide for Microsegmentation predicted that “By 2026, 60% of enterprises working toward a Zero Trust architecture will use more than one deployment form of microsegmentation, which is up from less than 5% in 2023.”
Liu pointed out several benefits of combining ZTS and ZTNA:
- Complete visibility into north-south and east-west traffic, including application-to-application and user-to-application visibility.
- Consistent security as workloads move between environments, with automatic updates to security policies.
- Better collaboration between network and security teams in building a Zero Trust architecture.
The new integration helps organizations achieve a more comprehensive Zero Trust security framework without additional costs for joint customers.
“Zero Trust is not provided by just one vendor,” said Andy Horwitz, VP of Business Development and Tech Alliances at Netskope. “Netskope covers north-south traffic, Illumio covers east-west, and together they provide full Zero Trust coverage.”
Todd Palmer, Senior VP of Global Partner Sales and Alliances at Illumio, emphasized the importance of automating security and gaining network visibility in the face of sophisticated cyber threats. He also noted that the partnership between Illumio and Netskope is expected to continue growing.
John Kindervag debunks 4 common Zero Trust myths
Over ten years ago, John Kindervag, Creator of Zero Trust and Chief Evangelist at Illumio, introduced the Zero Trust model. Today, 72% of large organizations are planning or already building Zero Trust, according to Forrester research. Despite the widespread adoption of Zero Trust, there are a few key misunderstandings about the strategy. Kindervag disproved these myths in his article for SC Magazine, Debunking four common misconceptions around zero-trust.
Myth #1: Zero Trust means making a system trusted
Kindervag cleared up that Zero Trust is about getting rid of trust from cybersecurity. This is contrary to the traditional trust model where different parts of the network have different trust levels. External networks were not trusted; internal networks were highly trusted. This approach allowed attacks to get past firewalls and freely access critical data within the network.
But Zero Trust opposes this widespread trust.
"We don't want to make systems trusted,” Kindervag said. “Instead, we want to get rid of the concept of 'trust' from all IT systems. That ensures the team gives every user, packet, network interface, and device the same default trust level: zero.”
Myth #2: Zero Trust is about identity
While checking identity is crucial, Zero Trust exceeds checking a user’s identity, according to Kindervag. It should also include more data such as time of day, the type of device, and the device’s threat level.
"Avoid the identity trap," he warns. Use more information than just a user’s identity to ensure secure access. This covers the flaws of using identity as the new security boundary. It also makes security better by adding layers of information to the process of checking identity.
Myth #3: There are Zero Trust products
“It’s a framework, not an SKU,” Kindervag said. Zero Trust is a philosophy that guides cybersecurity. And Zero Trust doesn't require a complete redo of existing security.
Instead, Kindervag encourages security teams to start building Zero Trust by using their current tech before purchasing new solutions. This allows organizations to build Zero Trust slowly without disrupting their current system. By adding new tools as necessary, companies can make their security posture better over time.
Myth #4: Zero Trust is complicated
Zero Trust disproves the myth that security teams must prevent all attacks – which is an impossible task.
Kindervag explained that Zero Trust focuses on making the attack surface smaller and easier to manage. This can happen in small steps without disrupting the system, making it easy for teams to build and improve their Zero Trust strategy over time.
"The Zero Trust framework actually reduces cybersecurity complexity," he said.
Want to learn more about the Illumio Zero Trust Segmentation Platform? Contact us today.