Breach Ready: Fortifying Your Defenses in the Age of Cyberattacks

[By Venky Raju, Field CTO, ColorTokens]

In today’s highly digitalized and collaborative business environment, the likelihood of a cybersecurity breach is a matter of when, not if. Nearly every high-profile breach reported in the news has been a result of a cyberattack that penetrated perimeter security, such as firewalls, anti-virus, authentication, and endpoint detection.

Unfortunately, these breaches resulted in significant business disruption, multi-million-dollar financial losses, reputational damage, and more. For example, the recent ransomware cyberattack on Change Healthcare has been one of the most disruptive in years, including the theft of 6 terabytes of data, nationwide prescription processing outages and potential patient lawsuits. This will have rippling effects on medical providers for months to come.

Common Vectors, Evolving Tactics

There are a few different ways bad actors can get into an environment. Users can be compromised through phishing or other means, such as business email compromise, which makes up more than one-quarter of all cybercrime losses, according to the FBI’s 2022 Internet Crime Report. Alternatively, attackers can enter through edge devices connected to the internet by exploiting a weakness in the system or by compromising the device itself with malware. Another point of entry is third-party risk, such as malware implanted in the hardware or software shipped within a device. Lastly, insider threats remain a significant risk for businesses in all industries, as employees leak internal data, whether intentionally or not.

With recent advances in generative AI, attackers are taking advantage of the technology to develop more sophisticated strategies for launching attacks against organizations. The number of attacks continues to increase: a 2023 report found that three out of four security leaders witnessed an increase in cyberattacks, with 85% attributing this increase to attackers leveraging generative AI.

What Companies Are Doing Wrong

Enterprises are currently investing in perimeter security solutions, such as MFA, firewalls, and EDR, to protect themselves against these cyberattacks, but these are not 100% foolproof against sophisticated attackers. Still, many businesses mistakenly place their full trust in these solutions and consider this an acceptable risk because they believe it is the best they can do. CISOs and IT leaders need to be right 100% of the time, while the attacker only needs to be right once. Once attackers bypass these security measures, they can cause significant damage. Because of this, organizations need to go beyond traditional perimeter cybersecurity to proactively defend themselves and operate under the assumption that they will eventually be attacked. What they can control is whether an attack turns into a breach that causes damage.

Get “Breach Ready”

To get “breach ready,” security teams should assume that every attack they are subject to will cause a breach. As a result, businesses should proactively prepare with a defense-in-depth strategy rooted in the Zero Trust security model. To adopt a Zero Trust mindset, organizations need to remove implicit trust and access permissions wherever possible to keep the perimeter well-protected. However, this only solves half of the problem. Security leaders should have additional measures in place to provide a contingency “plan B” so they can maintain resilience even in the face of a successful attack. This way, organizations stay in control and can reduce the impact of a breach by over 90%.

Microsegmentation is a proactive cyber defense strategy that addresses this gap. It differs from EDR, firewall, and anti-virus solutions by assuming from the outset that a breach has already occurred. Microsegmentation stops the spread of malware or ransomware after a breach by establishing a micro-perimeter around every asset in the enterprise network and preventing lateral movement. It allows security teams to define which asset groups should communicate and what purpose that communication serves in business processes. When an attacker successfully breaches a device undetected, the extent of the damage is determined by where the attacker can move next. Microsegmentation stops ransomware and other malware before catastrophic damage occurs by using application ringfencing, granular traffic controls, and threat-mitigation policies.

Microsegmentation Bottlenecks

Microsegmentation adoption does not come without its challenges and misconceptions. Implementing this security strategy is a large project for security leaders to take on. A CISO’s initial priorities when tasked with securing their organization are to implement MFA, firewalls, API security, and email security solutions. These take very little involvement from other teams, don’t require stakeholder buy-in, and have minimal business disruption for employees. Since microsegmentation involves isolating the entire server landscape and securing every endpoint, this usually directly impacts every employee.

CIOs are also hesitant to start their microsegmentation journey because it requires participation and buy-in from various teams. A major bottleneck for implementation is the fundamental people problem of CISOs versus CIOs. CIOs are focused on business continuity and technology ROI, while CISOs are focused on reducing security risk. CIOs may have preconceived notions about, and resistance to, implementing complex security measures such as microsegmentation. There is also the challenge of getting approval across different teams before enforcing access policies. It requires cooperation from employees at all levels.

Additionally, many companies use various cybersecurity systems from multiple vendors. An oversaturated market can cause confusion for security leaders and create a false sense of security for organizations running multiple solutions. Other companies rely on interim workarounds and are waiting for an all-encompassing security solution to remove the burden of microsegmentation adoption.

Planning Ahead

To get “breach ready,” organizations should first prepare themselves and identify gaps in their security stack. Solutions need to go beyond traditional perimeter cybersecurity to proactively defend against attacks and lateral movement. Security leaders should adopt a defense-in-depth strategy based on a Zero Trust security model. Incremental network segmentation can help address some of the hesitations around microsegmentation by gradually implementing policies, removing unnecessary privileges, and alerting security teams when there is a breach. Along the way, businesses can implement additional policies if necessary. This prevents further business disruption, financial losses, and reputational damage by isolating systems in the event of a breach.
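The default-deny, group-based policy described above (sanctioned asset-group communication, lateral-movement blocking, and an incremental monitor-then-enforce rollout that alerts on violations) as an added toy example; this is not ColorTokens' product or code, and the inventory, group names, ports and observed flows are all constructed.

```python
from dataclasses import dataclass
# Constructed sample inventory: each asset is tagged with the group it belongs to.
ASSET_GROUPS = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.10": "app",
    "10.0.3.10": "db",
    "10.0.9.5": "workstation",
}

# Allowlist of (source group, destination group, destination port) that the
# business process actually needs. Anything not listed is denied by default.
ALLOWED_FLOWS = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("workstation", "web", 443),
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

def evaluate(flow, mode):
    """Return (verdict, reason). In 'monitor' mode an unsanctioned flow only
    raises an alert; in 'enforce' mode it is blocked. Unknown assets fall into
    the 'unknown' group, so they can never match the allowlist."""
    src_g = ASSET_GROUPS.get(flow.src, "unknown")
    dst_g = ASSET_GROUPS.get(flow.dst, "unknown")
    if (src_g, dst_g, flow.port) in ALLOWED_FLOWS:
        return "allow", f"{src_g}->{dst_g}:{flow.port} is a sanctioned path"
    verdict = "block" if mode == "enforce" else "alert"
    return verdict, f"unsanctioned {src_g}->{dst_g}:{flow.port} (possible lateral movement)"

def evaluate_all(flows, mode):
    return [evaluate(f, mode)[0] for f in flows]  # verdicts only, in input order
# Constructed sample of observed east-west traffic.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.10", 8443),  # web -> app: part of the business process
    Flow("10.0.2.10", "10.0.3.10", 5432),  # app -> db: part of the business process
    Flow("10.0.1.11", "10.0.3.10", 5432),  # web reaching straight for db: not sanctioned
    Flow("10.0.1.10", "10.0.1.11", 445),   # web -> web: movement inside a tier
    Flow("10.0.9.5", "10.0.3.10", 3389),   # workstation -> db: not sanctioned
]

if __name__ == "__main__":
    for mode in ("monitor", "enforce"):  # incremental rollout: observe first, then enforce
        for f in SAMPLE_FLOWS:
            verdict, reason = evaluate(f, mode)
            print(f"[{mode}] {f.src}->{f.dst}:{f.port} {verdict}: {reason}")
```

Running it in monitor mode first lets a team see which observed flows the policy would cut before switching the same policy to enforce mode.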
