How Effectively Are You Deploying Segmentation to Mitigate Cyberattack Risks?
The headlines make one thing clear about cyberattackers: They don’t discriminate. Ransomware attacks are aimed at organizations of all sizes across multiple industries, including critical sectors like ecommerce, healthcare, finance, and energy. Security teams are under intense pressure to find solutions that keep their environments protected, without sacrificing performance, innovation, or their customers’ safety and well-being.
Providing an industry-specific lens on today’s ransomware threats
What industries are at the greatest risk of cyberattacks? And how effectively are organizations within those sectors deploying segmentation solutions to mitigate risk? To find the answers, Akamai recently completed a major new analysis of survey data from 1,200 global security professionals to provide an industry-specific lens on today’s ransomware threats and on their organizations’ progress toward implementing and evolving segmentation solutions. These professionals share key weaknesses and plans for improvement.
What is segmentation?
Segmentation is the practice of splitting a network into multiple smaller networks. IT operators have long used methods like internal firewalls, virtual local area networks, and access control lists to segment environments and applications to reduce the risk introduced by flat networks.
More recently, microsegmentation has emerged as a cornerstone of modern Zero Trust security frameworks to more effectively reduce attack surfaces while minimizing deployment obstacles.
Key takeaways from the 4 new state of segmentation reports
The results of Akamai’s research are summarized in four new global state of microsegmentation reports (linked below) that each cover a key industry at the top of cyberattack hit lists: ecommerce, healthcare, financial services, and energy. These new Akamai-commissioned ebooks from Vanson Bourne, a leader in business-to-business research, provide a fascinating look at today’s threat landscape and the significant impact a comprehensive segmentation strategy can have on mitigating risk.
Here are just a few key takeaways from the reports:
- Ecommerce organizations reported the highest number of successful and unsuccessful ransomware attacks in the past year: 167, on average, which is more than double the number of the next highest sector.
- Healthcare and ecommerce are the industries most likely to suffer financial losses after a cybersecurity attack: 43% and 42%, respectively.
- Energy saw an increase in ransomware attacks year over year, with a notable increase in data loss.
- Financial services organizations saw a 50% uptick in ransomware attacks.
- In Europe, the Middle East, and Africa (EMEA), IT security decision-makers in financial services are more likely to emphasize the importance of network segmentation. However, they are the least likely to report that business-critical assets have been segmented (7%).
- Ecommerce organizations are less likely than those in other industries to have segmented their servers: just 12%, on average, compared with 19% overall.
- Healthcare organizations are more likely to have encountered issues around expense and proprietary equipment when segmenting their networks (41%, compared to 32% overall).
- Ransomware attacks against healthcare organizations increased by 162% from 2021 to 2023.
Segmentation reduces the threat surface
Perhaps the most significant finding was the revelation that, after a breach, recovery occurs 11 to 13 hours faster (depending on the industry) when segmentation is implemented across critical business areas such as applications, domain controllers, endpoints, servers, and more. Other significant, measurable benefits include faster identification of breaches and accelerated containment of the attack.
Revealing industry and regional trends
The reports highlight notable industry trends.
- Healthcare and ecommerce stand out as industries under intense pressure from cyberattacks.
- By contrast, security professionals in the financial services industry reported greater confidence in their cybersecurity posture than did the professionals in the other sectors surveyed.
- Among energy organizations, 24% indicated that they have not perceived an attack in the last year, while the average in other markets is 5%. However, successful attacks in this industry can have a more severe impact on society.
The reports also provide a view of attack activity and impact through a regional lens within each industry studied.
- Ecommerce organizations in Latin America (LATAM) were more likely to say microsegmentation is the top priority (42%) than were their counterparts in Asia-Pacific (APAC; 35%), the United States (34%), or EMEA (26%).
- Ransomware attacks targeting ecommerce were far more common in the United States (312, on average, over 12 months) than in EMEA (91), APAC (119), or LATAM (68).
- By contrast, financial services saw the greatest average volume of attacks in APAC (73). The United States saw 59.
- APAC respondents in ecommerce were particularly likely to highlight financial loss from a ransomware attack, with more than half (51%) doing so, compared with the overall average of 42%.
Cyberattacks are a matter of when, not if
According to Richard Meeus, Director of Security Technology and Strategy, EMEA, at Akamai, “Organizations should assume breach. This is not being overly dramatic, but allowing businesses to focus on what is core to their business. They should segment their networks to make it difficult for would-be attackers to move through them in search of valuable data to steal.
“Like a submarine, if one compartment is breached, it doesn’t risk the whole boat because you can limit the flooding by closing the bulkheads. Unfortunately, suffering a cyberattack is a matter of when, not if, so getting everything water-tight is much better than sinking to the depths.”
As the frequency and impact of ransomware attacks and other cyberattacks continue to grow, segmentation is moving to the center of corporate Zero Trust strategies. Our new global state of microsegmentation reports provide a fresh, industry-centric perspective on this critical security topic.
Learn more
Find out more in these industry-specific impactful reports: