Ransomware is easily one of the most notorious businesses of the 21st century. In the past 24 months it has seen unprecedented success by targeting vulnerabilities in the cloud and across the software supply chain, attacking industrial processes, and targeting unsuspecting victims during holidays and weekends.
To make matters worse, as our hyper-connected world breeds new and emerging threat vectors every day, we know that breaches are inevitable. Cyberattacks are the new normal, and they are happening as we speak. Research shows that 76% of organizations have fallen victim to a ransomware attack in the past two years, and 82% have paid at least one ransom.
Cybersecurity spending is higher than ever, but ransomware is still taking a huge toll on us, and not just financially. Attacks like Colonial Pipeline and SolarWinds have reaffirmed the social and economic impact of ransomware, and we continue to witness devastating attacks on U.S. critical infrastructure and other vital civilian sectors (think education and healthcare).
Too many organizations still turn a deaf ear in the eye of the cyber storm, and apathy and inaction are unacceptable. Business leaders must act aggressively to build cyber resilience before it’s too late.
A decade ago, it was enough for enterprise leaders to focus only on prevention and on strengthening perimeter defenses (VPNs, firewalls). Now, with the acceleration of digital transformation efforts, driven largely by the pandemic and today’s hybrid work era, the attack surface has expanded significantly, leaving more endpoints, cloud environments and potential avenues of exploitation open and available for bad actors to use.
As organizations now manage mixed workforces, vast mixed IT assets, and expanding supply chains, it is no longer a question of if the bad guys will beat the perimeter defense; it is a question of when. That’s why today’s industry-wide focus on “enhancing resiliency” has never been more timely or necessary.
One of the resilience frameworks that has been pushed further into the cyber spotlight over the past 24 months is Zero Trust. This approach to cybersecurity was first introduced by Forrester more than a decade ago. It is a framework based on the principles of “assume breach” and “least privilege”.
Under the Zero Trust approach, organizations are encouraged to limit access to the select few who need it (least privilege) and to assume that everything will inevitably be breached (assume breach). The duality of zero-trust thinking treats breaches as a certainty, while ensuring that organizations rigorously secure access and proactively mitigate risk. We like to call it “reducing the risk of noncompliance.”
By implementing Zero Trust practices, technologies and policies, organizations are better able to quickly resolve cyber incidents (reduce downtime) and mitigate the accompanying business and operational impacts. However, to help the private and public sectors maximize resilience, agencies, organizations and the federal government must still take some steps.
In today’s hyper-complex, dynamic, cloud-first world, cyber resilience will not work unless we reach a collective agreement on the best way forward.
There is still considerable confusion within the federal government about cybersecurity mandates and best practices. While President Joe Biden’s executive order last May called for a zero-trust framework for the federal government (with the importance of a zero-trust framework reaffirmed earlier this year), various agencies and technology bodies, including the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. National Institute of Standards and Technology (NIST) and the U.S. Department of Defense, have adopted different Zero Trust best practices.
Organizations are increasingly recognizing that cybersecurity is a critical task, but there is no unified consensus on what zero trust should look like in action. The lack of a single plan creates confusion and hinders our ability to educate, which ultimately hinders resilience efforts in general. To become more durable in cyberspace, we must agree on a plan that works—some kind of playbook—and provide organizations with a unified front for how they can strengthen their foundational resiliency efforts with zero trust.
Continued cybersecurity education at a broader level is also critical to furthering ongoing resilience initiatives. In June, President Biden signed the State and Local Government Cybersecurity Act of 2021, which requires the National Cybersecurity and Communications Integration Center (NCCIC) to provide training, conduct exercises, and promote cybersecurity education and awareness at all levels of government. Additionally, earlier this year, the School Cybersecurity Grants Act of 2022 was introduced, allowing CISA to provide grants for cybersecurity education and training programs at the elementary and secondary education levels.
This is the federal cyber power we need. As the hybrid attack surface around us continues to evolve and expand, we need to continue taking steps in the right direction—and we need to move faster. The enemy of a good plan has always been a perfect plan. As we strive for perfection, attackers are always on the move. When we are debating, they are attacking. We must gradually become safer and build resilience every day.
The way forward
Ransomware and cyber attacks are not going away. In fact, the threat landscape is changing, with bad actors rebranding and innovating more aggressively than ever. But companies, government agencies, and other organizations can foster resiliency efforts by continuing to educate on cybersecurity best practices, publishing formal guidance on zero trust and other core resiliency frameworks, and ultimately taking action.
As our world becomes increasingly hyper-connected, resilience initiatives such as zero trust are only as strong as the weakest link in our global chain. As our adversaries continue to operate more aggressively in cyberspace, there has never been a better time for us all to achieve consensus and increase our resilience.
Andrew Rubin is the CEO and co-founder of Illumio