
Overconfidence in Security is Ransomware’s Biggest Ally

Effective defence is not keeping attackers out, but mitigating their impacts when they get in.


Overconfidence in defences has plagued humanity throughout history. Whether it was France’s misplaced faith in the Maginot Line on the eve of World War II, or the sinking of the so-called “unsinkable” Titanic, we often place our trust in something, only to realise that when it’s truly tested, it crumbles.

Unfortunately, as technology has advanced, this overconfidence is something that still can’t be shaken off. Recent research from Illumio found that 54 percent of businesses believe they are secure, yet 88 percent have fallen victim to ransomware attacks. This overconfidence is coming at a steep price as 58 percent of organisations hit by ransomware were forced to halt operations. Beyond the immediate disruption, 40 percent reported significant revenue loss, 41 percent lost customers, and 35 percent suffered lasting brand damage.

These numbers reveal an uncomfortable truth and show we’re not doing enough to prepare for the reality of cyber-attacks. It’s time to rethink our approach and realise the key to effective defence is not keeping attackers out, but mitigating their impacts when they get in.

The flaw of one-dimensional defences

In cybersecurity, prevention has long been the first line of defence, and rightfully so. Investments in firewalls and intrusion detection systems are key to stopping a cyber-attack before it can begin. However, it’s clear that prevention can only take us so far. 

Perimeter defences have certainly reduced the probability of a successful cyber-attack, but this has started to level off in recent years. This asymptotic trend will never achieve complete protection. Because perimeter defences alone are becoming less reliable in stopping more advanced attackers, it is vital that critical security areas like containment and resilience are not neglected.

If an organisation’s focus is only on keeping the door locked without any plan in place for when an attacker gets in, then once inside, the attacker can cause havoc through the network. 

This overreliance on prevention can create a false sense of security. With more and more money being spent on perimeter defences, organisations can easily become overconfident with the idea that more money equals better security. This isn’t the case. 

The false sense of security from backups

It’s easy to fall into the trap of thinking backups are an effective safety net against an attack when it happens. With effective backups, organisations can restore their systems and get back up and running more easily after a breach.

However, attackers are now going after backup systems as well.

Over half of organisations think backups alone are a sufficient defence, which shows how widespread overconfidence is within organisations, especially as 98 percent of ransomware attacks actually target these backups.

As a result, putting faith in backup procedures is no longer enough and effective segmentation policies are vital for modern security. Without taking proper steps to protect backups and ensure they’re isolated from the rest of the network, businesses risk being caught in a cycle of attack and recovery that does little to prevent future breaches.

The importance of resilience and Zero Trust

To overcome the growing threat of ransomware, businesses must shift their mindset from one of “prevention at all costs” to one of “assume breach”. In today’s digital landscape, assuming that a breach will occur at some point is far more realistic than assuming that it won’t. 

Cyber-attacks are now a matter of “when,” not “if.” The key to surviving and thriving in this environment is resilience and the ability to detect, contain, and recover from attacks quickly and efficiently.

One of the most effective ways to strengthen resilience is by embracing Zero Trust security principles. Zero Trust assumes that no one, whether inside or outside the network, can be trusted by default. 

With strict access controls, continuous monitoring, and segmentation within the network, organisations can contain a breach at its source and limit its spread. This approach helps to mitigate the risks associated with lateral movement and reduces the chances of widespread damage. 

By adopting Zero Trust, businesses can build a security framework that is far more adaptable, responsive, and effective at minimising the damage from ransomware, giving them the upper hand in the ongoing battle against cyber threats.

Don’t ignore lateral movement

Illumio’s research highlights the prominent issue of lateral movement within networks. Attackers are taking advantage of unpatched systems to spread through environments and gain further access. Lateral movement played a key role in over half of ransomware cases: 52 percent, up from 33 percent in 2021. Attackers are clearly getting better at moving through the network undetected, and more must be done.

This problem has been exacerbated through the increase in hybrid and cloud environments which make visibility even more challenging. Around 35 percent of organisations struggle to respond to ransomware because they can’t see what’s happening across these systems. These blind spots give attackers more chances to slip through.

It’s clear that perimeter defences aren’t enough to combat this rise. Organisations need to adopt micro-segmentation policies, which allow more control over lateral movement within the network. By segmenting applications and workloads, organisations make it much harder for attackers to spread once they've compromised one part of the system.

Micro-segmentation also provides visibility into both hybrid and cloud environments to help teams spot and respond to threats faster. Through micro-segmentation technology, organisations can improve their security posture by limiting the impact of an attack and defending better against evolving ransomware threats.



Trevor Dearing, Director of Critical Infrastructure, Illumio
