But for IT security teams, this is the beginning of a new headache. Illumio surveyed over 300 IT professionals in Australia and New Zealand this year and, unsurprisingly, 65 percent of them saw work-from-home practices as a cybersecurity concern. And now that employees have the flexibility to work both from the home and in the office, that concern is compounding.
What is surprising is that the cyber strategies many rely on aren’t rising to the challenge. The survey also revealed a significant number of Australian businesses (59 percent) still rely on firewalls and VLANs to defend their networks and prevent critical data from being breached, despite evidence that legacy technologies and security architectures do not adequately protect against new and emerging cyber threats.
It’s not just Australian cybersecurity professionals either: a recent US study by Cybersecurity Insiders of over 287 cybersecurity professionals showed that the main controls used to protect company data continue to be anti-virus/malware (80 percent), firewalls (72 percent), and virtual private networks (70 percent). While too early to retire them, it’s also wrong to trust that they’ll keep your business completely safe from harm. Every ransomware headline is evidence of this.
It’s clear that most companies rely on perimeter security and trusting employees to log onto the VPN to keep their data and business safe. The problem is, firewalls and VLAN systems are complex and often difficult to maintain as they scale - and they’ll be required to scale more than ever to meet the demands of a new perimeter created by a cloud and mobile enterprise, and as a result, they’ll become less and less effective over time. Focusing solely on securing the perimeter fails to account for what happens when a breach inevitably occurs and an attack, or adversary, makes it inside.
Last year, around the world we spent more on security than ever before, yet we see frequent and devastating attacks (i.e. SolarWinds, Exchange, and the Colonial Pipeline attacks).
We need a change in strategy, a new security model. Security teams need a plan that’s resilient in today’s dynamic business model and in the face of evolving threats, one that limits the impact of inevitable breaches and stops them from becoming crippling headline incidents.
We need a Zero Trust approach. Chase Cunningham defines Zero Trust as a concept, “That centers on the belief that trust is a vulnerability, and security must be designed with the strategy, ‘Never trust, always verify.’” Organisations cannot achieve Zero Trust with one single product or vendor – it’s a philosophy that should be addressed at every level of an environment.
Zero Trust Segmentation is a security capability that prevents attackers from moving laterally in a network and is a key pillar of any Zero Trust strategy. And it’s being explored by many Australian businesses who recognise the limitation of traditional tools and networking concepts when it comes to segmenting a network to solve the lateral movement problem. Eighty-four percent of businesses surveyed say they are looking to adopt segmentation and 69 percent are committed to adopting segmentation soon (within 12-18 months).
Zero Trust Segmentation will become a mainstay of enterprise security as applications are widening as more businesses move to support distributed workforces and realise the need for stronger internal defences to protect themselves when prevention fails.
It’s in this type of rapidly changing, complex environment where adaptive technologies, like Zero Trust Segmentation, shine. Segmentation gives organisations the visibility and flexibility they need to quickly and efficiently visualise their environment, understand the impact of a threat, and secure their data while reducing the workload on thinly stretched security teams.
If we’re going to be serious about protecting our data, our companies, and our people, particularly as employees continue to work from anywhere, we need to change the security model we rely on. In order to be resilient against cyber breaches, organisations need to take a Zero Trust approach to security, and soon.