Cybersecurity company Illumio as part of their “Zero Trust Impact Report” found that leaders that employ zero trust architecture thwart five major cyberattacks per year, saving their organizations an average of $20 million annually. Of the surveyed 1,000 IT and security professionals across eight countries, 47% said they do not believe they will be breached despite increasingly sophisticated and frequent attacks due to their use of the security framework.
“Catastrophic breaches keep happening despite another year of record cybersecurity spending,” said PJ Kirner, Illumio co-founder and CTO. “I’m shocked that nearly half of those surveyed in The Zero Trust Impact Report do not think a breach is inevitable, which is the guiding principle for Zero Trust, but I am encouraged by the hard business returns Zero Trust and Segmentation deliver.”
Zero trust principles become the standard
Despite the number of attacks rising, the majority of security leaders surveyed still strongly believe they are not in danger of being victimized. Within the last two years, 76% of organizations surveyed said they had been a target in a ransomware attack, and 66% have experienced at least one software supply chain attack. While these numbers continue to grow, IT decision-makers believe that zero trust security is not only the correct route to take but a pillar in the security frameworks moving forward.
SEE: Top 5 things about zero-trust security that you need to know (TechRepublic)
Nearly all (90%) of those surveyed say that advancing zero trust strategies is one of their top three security priorities this year to improve their organization’s readiness in the event of a cyberattack and reducing the impact attacks can and would have on their business.
“Money will not make the problem go away until security leaders move beyond the legacy approach to only focus on detection and perimeter protection,” Kirner said. “Zero Trust Segmentation is emerging as a true market category that is transforming business operations and strengthening cyber resiliency.”
Zero trust segmentation has also become necessary within the security architecture, as three-quarters of segmentation pioneers believe purpose-built segmentation tools are critical to zero trust, and 81 percent say segmentation is an important technology to zero trust. Segmentation is a modern approach to stop breaches in their tracks before they spread across multiple facets of a business, such as the cloud to the data center.
SEE: Zero trust: The good, the bad and the ugly (TechRepublic)
Adopting zero trust architecture
With software supply chain attacks (48%), zero-day exploits (46%) and ransomware attacks (44%) making up the three biggest threats that survey respondents fear, it is crucial that businesses begin to adopt these principles of cybersecurity. One major point for enterprises is the “assuming breach” mentality. In this mindset, if companies already believe their systems or devices have been compromised, it has proven to reduce the risk of an actual attack. With 52% of security teams responding that their organization is ill-prepared to withstand the cyberattacks and 30% saying an attack would probably end in disaster, it is crucial that enterprises are doing everything in their power to remain secure.
Zero trust segmentation is another principle used to reduce the risk associated with cyberattacks. Users who are well-versed in segmentation are almost twice as likely to prevent compromises from spreading to other systems (81% to 45%) versus users who do not practice segmentation.
The three actions laid out by Illumio that businesses should consider when implementing zero trust segmentation are:
Visibility is the process of understanding why a system was breached by looking at all application types, locations and endpoints. The ability to contain the threat in question is the next step, by preventing attacks and the cybercriminals behind them from infecting systems before they spread. Finally, moving from a proactive approach to protection versus a reactive one can save businesses many headaches and money spent in the long run.
By following these principles and adopting this form of security, businesses can actively look at how best to protect themselves instead of trying to mitigate the effects of a cyberattack after they have already taken place.