
The Rise of Breach Readiness in the Face of Modern Cyber Attacks

By Satyen Desai, Vice President of Asia Pacific, ColorTokens

Businesses today face an incredibly challenging environment riddled with issues that they have varying levels of control over. One specific area that has seen seismic shifts in complexity, volume and awareness over the last few years is cybersecurity. Intrinsically linked with business risk, cybersecurity is now firmly on the boardroom agenda, but the evolution of cybercrime has left organisations uncertain about what steps to take to protect themselves.

The focus for security used to be about protecting the perimeter. As work practices shifted and digital transformation took hold, we moved towards protecting the endpoint. This was all about breach prevention, stopping the enemy outside from getting into the organisation. Today, businesses need to accept that they are going to be attacked and even breached, so the focus needs to shift to breach readiness.

We need to shift our mindset from stopping the bad guy getting in to stopping them getting to where they want to go. That’s not to say there shouldn’t be a focus on breach prevention. It’s imperative that businesses continue to make it as hard as possible for breaches to happen. However, it is already established that the bad guys will get in (due to gaps in asset/patch/change management, configuration errors or human error)… and when they do, we must have capabilities to make it as hard as possible for unauthorised users to move laterally to the organisation’s crown jewels… the most critical data.

How have we arrived at this point? Firstly, cybercrime is a big business and when there’s money to be made eCriminal groups will look at ways to improve their ability to get into an organisation and, once in, expedite their progress to their objective… getting an organisation’s prized data. Secondly, as cloud adoption grows, the attack surface that eCriminal groups can target expands. It means that there is more for organisations to have to protect and monitor, more work for the already under-resourced security team to do in a much shorter timeframe than before.

Breach readiness must complement breach prevention

Being “breach-ready” is a preparatory cyber defence technique that enables an enterprise to take pre-emptive action during cyber-attacks. It’s about hardening the digital computing landscape by disconnecting micro-perimeters to prevent a breach from becoming a crisis. At its core, breach readiness is fundamental to a Zero Trust architecture.

Of the three methods that can be used to implement Zero Trust as per international standards, the foundational capability for breach readiness is microsegmentation. It offers a strategy that postures the enterprise for resilience by design. It does this by preventing the lateral spread of a breach after an initial compromise, isolating critical digital operations, and quarantining compromised systems.

Microsegmentation needs to be pervasive across IT, OT and Cloud environments to cover all types of assets and endpoints in the enterprise landscape. If it is not pervasive enterprise-wide, attackers will find a way to walk around the gate, because it is not part of a continuous fence.

With the ever-dissolving perimeter and a constantly evolving IT landscape of microservices, remote users, and IoT devices, ColorTokens recognised the need to go beyond traditional network-based microsegmentation. Its mission is to provide for an enterprise at all potential points of breach and that is why it has been acknowledged by independent analyst firms including GigaOm and Forrester and why it is actively expanding its business in the Asia Pacific region.

ColorTokens’ recently announced acquisition of PureID was again about enhancing its microsegmentation offering to solve the cybersecurity challenges of today. Bringing the identity/authentication and microsegmentation pillars together helps improve the breach readiness of organisations.

Breach readiness today and beyond

The market for cybersecurity is increasing at a rapid pace but alongside that, cyber-attacks are increasing in volume and sophistication. We’ve seen recent breaches shut down organisations entirely as they struggle to identify and remediate the attack. Breach readiness shifts the narrative to one where an unprecedented attack no longer means a business has to halt operations. It’s now about being able to contain that attack in a part of the business while the rest can operate as normal.

Breach readiness is mandatory to marshal cybersecurity technology, processes and people to prepare for a future attack, while enabling digital operations to help business leaders innovate and aim for market leadership amidst continuous digital threats. With regulatory changes making CISOs and senior leadership of enterprises liable across the Asia Pacific region, including in Singapore, Australia and New Zealand, being breach ready is no longer a luxury, but an immediate problem that needs to be addressed as early as yesterday.

So, with breach readiness being a central part of cyber defence, we’ll see a much greater adoption of microsegmentation enabling businesses to benefit from continuity in the event of a cyber-attack. The evolution of microsegmentation is to do with pervasiveness, where it will be managed from a single platform. The last thing organisations then need to consider is cyber resilience, where they have the ability to adapt in the face of a cyber-attack and, as a result, thrive as a business.

Detection and prevention technologies have served us well, but we need to move beyond those with the assumption that attackers are going to find a way into the organisation. It’s time to be breach ready and cyber resilient.
