We are in the golden age of hackers, as cyber threats become sophisticated and more accessible. Attack volumes are increasing, with the NCSC even stating that attacks were at an “all-time high.” This means that security leaders are under significant scrutiny to provide tangible, measurable results and effective ROI for their investments.
However, achieving this has been difficult, given the broad freedom and accessibility that threat actors enjoy today. The availability of advanced automated attack tools, accessible dark web marketplaces, the prevalence of ransomware as a service (RaaS), and often the support of nation-states have given threat actors an unprecedented ability to target any industry and business, regardless of size.
Most worryingly, while attackers are evolving their techniques and targeting broader industries, their core process remains the same: gaining initial access, moving laterally, and finding valuable assets. Most security teams are already aware of these malicious techniques. However, the steady succession of successful attacks indicates that organizations are not using their investments to their full potential.
With Gartner predicting that $215 billion will be spent on security and risk management this year, the stakes have never been higher for CISOs, as immense pressure mounts to safeguard valuable assets while demonstrating ROI on investments to the board of directors. The answer is not in the volume of spending, but in where it is directed.
Senior Director of Cybersecurity Strategy and Research at Illumio.
Extend security strategies beyond traditional measures
Traditional security measures, while still essential, are no longer sufficient. Threat actors can compromise any user account or device across the extended network ecosystem, live on the network for months, and move laterally from system to system. They also take advantage of automated attacks and employ bots to quickly exploit vulnerabilities and spread malware.
Therefore, organizations must look beyond endpoint protection and perimeter defenses and instead shift their focus toward strategies that prevent attackers from moving laterally within hybrid IT environments. The key is understanding and disrupting the pathways attackers exploit, from initial breaches to data extraction.
However, the continued expansion of hybrid IT environments, which combine on-premises and cloud infrastructures, presents unique challenges for security teams to maintain visibility across all their assets. Ultimately, these systems become potential entry points for threat actors as they take advantage of obscured visibility to live in the system for a long time and move laterally toward desired resources.
Therefore, prioritizing defenses solely on the perimeter will not give you the best return on investment. To increase resilience, organizations should prioritize investments in security measures that address lateral movement patterns within and across hybrid IT. It's not just about blocking initial entry points, but about creating a security posture that limits the attacker's ability to explore and exploit the network.
Adopt an “assume an attack” mentality
Before spending their budgets, CISOs must be strategic in aligning their investments with business objectives. It's important to first accept reality: trying to prevent a breach is no longer a realistic goal. Therefore, the focus should be on limiting the attack surface and effectively containing breaches when they occur.
This requires an “assume an attack” mentality. By shifting to a mindset that expects and plans for cyber incidents, organizations can develop more resilient defense mechanisms. It involves recognizing that a breach is not a question of “if” but of “when.” This recognition drives the development of strategies focused on rapid detection, response and recovery.
A crucial aspect of this shift is changing perceptions about planning for failure. Cyber incident planning should not be seen as an admission of defeat, but rather as a proactive measure to strengthen resilience. It's about preparing to respond effectively, without expecting to fail.
The best way to achieve this new mindset is by implementing zero trust segmentation (ZTS) solutions. ZTS reduces the blast radius of any attack by up to 66 percent by dividing the network into multiple small segments. This helps security teams limit user access and monitor communication and traffic flow between different segments of the network. So when unauthorized access occurs, the user's movement is limited to that particular network segment, thus thwarting lateral movement.
Additionally, ZTS extends its return on investment beyond the immediate response to a breach. We find that organizations report savings of up to 90 percent in SecOps labor and substantial reductions in tool consolidation costs, achieving savings of up to $3 million. This strategic shift not only strengthens security but also supports business continuity, protecting against the disruptive effects of cyber incidents.
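The segmentation model described above, as an added illustration that is not Illumio's product or code and not part of the original article: every workload carries a segment label, only explicitly allowed segment-to-segment flows on named ports pass, and everything else is denied and logged. The host inventory, allowlist and flow records are constructed sample data; the helper names are assumptions.

```python
"""Zero trust segmentation as a default-deny allowlist over labelled workloads.

Added example (not Illumio's code): hosts are labelled with a segment,
cross-segment flows must match an explicit (src_segment, dst_segment, port)
rule, and denied flows from one host towards several segments are flagged as
a lateral movement attempt. All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory: host name -> segment label
HOSTS = {
    "ws-042": "workstations",
    "ws-077": "workstations",
    "web-01": "web",
    "web-02": "web",
    "app-01": "app",
    "db-01": "database",
    "bk-01": "backup",
}

# Explicit allowlist of (source segment, destination segment, destination port).
# Anything absent is denied: this is the default-deny that confines an
# intruder to the segment of the host they compromised.
ALLOW = {
    ("workstations", "web", 443),
    ("web", "app", 8080),
    ("app", "database", 5432),
    ("backup", "database", 5432),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def decide(flow: Flow) -> str:
    """Return 'allow' or 'deny' for one flow under the segment policy."""
    src_seg = HOSTS.get(flow.src)
    dst_seg = HOSTS.get(flow.dst)
    if src_seg is None or dst_seg is None:
        return "deny"  # unlabelled workloads get no access at all
    if src_seg == dst_seg:
        return "allow"  # movement inside one segment is tolerated by this policy
    return "allow" if (src_seg, dst_seg, flow.port) in ALLOW else "deny"


def denied_segment_fanout(flows, threshold: int = 2) -> dict:
    """Sources whose denied flows touch at least `threshold` distinct foreign
    segments: the signature of a host probing beyond its own segment."""
    fanout = defaultdict(set)
    for f in flows:
        if decide(f) == "deny" and f.dst in HOSTS:
            fanout[f.src].add(HOSTS[f.dst])
    return {src: sorted(segs) for src, segs in fanout.items() if len(segs) >= threshold}


def blast_radius(start_host: str) -> set:
    """Segments reachable from a compromised host by chaining allowed flows.
    Pessimistic bound: every reached segment is assumed to fall in turn."""
    start = HOSTS[start_host]
    reached, frontier = {start}, [start]
    while frontier:
        seg = frontier.pop()
        for s, d, _ in ALLOW:
            if s == seg and d not in reached:
                reached.add(d)
                frontier.append(d)
    return reached


# Constructed flow records: a normal day plus one workstation that starts
# reaching for the database, app and backup tiers directly.
SAMPLE_FLOWS = [
    Flow("ws-042", "web-01", 443),   # normal browsing to the web tier
    Flow("web-01", "app-01", 8080),  # web -> app, allowed
    Flow("ws-077", "db-01", 5432),   # workstation straight to the database: denied
    Flow("ws-077", "app-01", 22),    # same workstation, SSH to the app tier: denied
    Flow("ws-077", "bk-01", 445),    # and SMB to backup: denied
    Flow("ws-077", "ws-042", 445),   # intra-segment, allowed by this policy
    Flow("app-01", "db-01", 5432),   # legitimate app -> database
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{decide(f):5} {f.src} -> {f.dst}:{f.port}")
    print("lateral movement suspects:", denied_segment_fanout(SAMPLE_FLOWS))
    print("blast radius from ws-042:", sorted(blast_radius("ws-042")))
    print("flat network would expose:", len(set(HOSTS.values())), "segments")
```

Two things the run makes visible that the prose only asserts: the denial log alone identifies ws-077 as the host fanning out across three segments, which is the detection signal, and the reachable-segment bound from a workstation is still four of five segments because allowed flows chain through the web and app tiers, so rule tightening (for example restricting the app-to-database rule to a specific service account) is where further blast radius reduction comes from.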
Address the risks of ongoing cloud migration
Finally, companies also need to ensure that their security strategies can keep up with the scope and complexity of their developing IT assets. Migration to the cloud presents fertile ground for threat actors.
Misconfigurations and shadow IT expand the attack surface, leaving cloud resources inadvertently exposed and providing easy access to attackers. The complexity of cloud infrastructure, combined with rapid deployment cycles, increases the likelihood of such vulnerabilities, making diligent configuration management and continuous security monitoring essential.
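The configuration management the paragraph calls for, as an added example that is not from the article or any vendor: a small audit pass over an exported cloud inventory that flags the misconfigurations named above (world-readable storage, administrative ports open to the internet, missing encryption) and untagged resources as shadow IT candidates. The resource records are constructed, in a generic shape rather than a real provider's API output, so the field names are assumptions.

```python
"""Audit an exported cloud inventory for common misconfigurations.

Added example, not the article's or a provider's tool. The records are
constructed and use a generic schema (assumed field names), so adapt the
accessors to whatever your inventory export actually looks like.
"""

ADMIN_PORTS = {22, 3389}          # SSH and RDP: never open to 0.0.0.0/0
OWNER_TAGS = ("owner", "team")    # at least one of these marks a known owner
INTERNET = "0.0.0.0/0"

# Constructed inventory export
RESOURCES = [
    {"id": "bucket-public-logs", "type": "storage_bucket", "public_read": True,
     "encrypted": True, "tags": {"owner": "platform"}},
    {"id": "bucket-finance", "type": "storage_bucket", "public_read": False,
     "encrypted": False, "tags": {"owner": "finance"}},
    {"id": "sg-web", "type": "security_group",
     "ingress": [{"cidr": INTERNET, "port": 443}], "tags": {"team": "web"}},
    {"id": "sg-jump", "type": "security_group",
     "ingress": [{"cidr": INTERNET, "port": 22}, {"cidr": "10.0.0.0/8", "port": 3389}],
     "tags": {}},
    {"id": "vm-test-7", "type": "vm", "tags": {}},
]


def audit(resource: dict) -> list:
    """Return (resource id, severity, message) findings for one resource."""
    findings = []
    rid, rtype = resource["id"], resource["type"]
    if rtype == "storage_bucket":
        if resource.get("public_read"):
            findings.append((rid, "high", "bucket is world-readable"))
        if not resource.get("encrypted", False):
            findings.append((rid, "medium", "bucket is not encrypted at rest"))
    elif rtype == "security_group":
        for rule in resource.get("ingress", []):
            # Only the combination of internet-wide source and an admin port
            # is flagged; 443 from anywhere on a web tier is expected.
            if rule["cidr"] == INTERNET and rule["port"] in ADMIN_PORTS:
                findings.append((rid, "high", f"admin port {rule['port']} open to the internet"))
    # Ownership applies to every resource type: nobody owning it is the
    # usual sign of shadow IT and of a resource that no process patches.
    if not any(tag in resource.get("tags", {}) for tag in OWNER_TAGS):
        findings.append((rid, "low", "no owner tag (possible shadow IT)"))
    return findings


def audit_all(resources) -> list:
    """Flatten findings across the inventory, worst severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for r in resources for f in audit(r)]
    return sorted(found, key=lambda f: (order[f[1]], f[0]))


if __name__ == "__main__":
    for rid, sev, msg in audit_all(RESOURCES):
        print(f"[{sev:6}] {rid}: {msg}")
```

Running this kind of check on every deployment cycle, rather than once at migration time, is what turns the "diligent configuration management" above into something continuous: the same function can run against a fresh export after each change and diff its findings against the last run.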
Most importantly, zero-day vulnerabilities in cloud platforms represent a persistent threat. Attackers can exploit these unknown vulnerabilities before vendors release patches or fixes, leading to data leaks and system compromises. That's why it's imperative that organizations prioritize security investments as they expand their digital footprint.
The key to managing cloud-related risks is a deep understanding of cloud architecture and its security implications. Enterprises should assess their cloud environments for vulnerabilities, prioritizing the protection of sensitive data and critical operations. This involves implementing cloud-friendly security controls, such as identity and access management (IAM) solutions, encryption, and endpoint security.
Additionally, organizations need to continually monitor suspicious activity, employing advanced threat detection tools that can adapt to rapid cloud changes. This level of surveillance helps in the early detection of potential breaches, allowing quick action to be taken to mitigate risks.
Collaborating with cloud service providers (CSPs) improves security outcomes. CSPs typically offer built-in security features and best practice guidance. Leveraging these resources, along with a comprehensive security strategy, can significantly reduce your attack surface.
Ultimately, as digital footprints expand, organizations must keep security outcomes at the forefront of their planning and investment decisions. By understanding the unique challenges of cloud environments and adopting ZTS within the “assume an attack” framework, enterprises can achieve the best ROI on their investments.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.