By Raghu Nandakumara

The digital landscape faces more intense threats every year. Sophisticated attacks such as ransomware are reaching record highs, and financial losses are mounting across industries. The average data breach now costs a UK organisation £3.4 million, a figure that points to a lack of effective strategies for defending against modern adversaries.

Why is this happening? Because, in a landscape of AI-empowered Advanced Persistent Threats (APTs) and ransomware, most organisations still rely on outdated defensive tactics. It is like pitting the latest military hardware against World War I trench defences.

Trench warfare is remembered for stagnation, psychological strain and high casualties. Although the Allies ultimately prevailed in Europe, the stalemate exposed systemic failures in military strategy. The same can be said of today’s cybersecurity strategies. Billions of pounds are spent on cybersecurity every year, yet breaches are bigger and more frequent than ever. A single successful breach can cripple an organisation’s operations, so where is this money going, and where should it be invested instead?

The turning point – from prevention to containment 

The evolution of cybersecurity can be read as two main phases. The first began in the 1990s and centred on firewalls and other tools aimed solely at prevention. Just as France built the Maginot Line to block a German invasion, these tools built a fortress around critical assets such as data centres and offices to keep cybercriminals out.

As technology advanced and connectivity grew, cybersecurity moved into a phase of detection and response. Criminals would inevitably breach these virtual fortresses, exploiting vulnerabilities and fine-tuning their techniques, much as the German army bypassed France’s fortress-style defences in 1940 by advancing around them through the Ardennes. In this era, tools such as Endpoint Detection and Response (EDR) became essential for quickly detecting and ejecting intruders in a digital game of cat and mouse.

However, the sweeping digitisation triggered by the pandemic changed the rules of the game. Almost overnight, every organisation went from digital-aware to digital-first, and CISOs faced the monumental task of securing globally distributed assets, including a surge in remote workers. This massively expanded the attack surface and brought us to the current era: breach containment. Unlike its predecessors, this era operates on the assumption that breaches are not just possible but inevitable. For the first time, the cybersecurity field is adopting a genuinely proactive stance.

Just as the Kennan doctrine of containment sought to check Soviet expansion during the Cold War, the current era of cybersecurity focuses on containment to limit the impact of attacks. Consider the 2022 ransomware attack on Advanced, an NHS software supplier, which significantly disrupted the NHS 111 service. Or the 2021 compromise of Colonial Pipeline, which forced the company to shut down its pipeline for five days, affecting consumers and airlines. Both incidents began with a single intrusion and escalated from there; the objective now is to stop such footholds from spiralling into large-scale operational disasters.

Zero Trust and microsegmentation: The new RADAR in the boardroom 

As the stakes rise, it has never been more critical for organisations to adopt forward-thinking strategies. Traditional defensive mechanisms are no longer enough. Instead, organisations must embrace modern security strategies such as Zero Trust and technologies such as Zero Trust Segmentation to build resilience.

Zero Trust is a security strategy that requires strict verification of every user and device requesting access to a resource, regardless of whether the request originates inside or outside the corporate network. Unlike traditional perimeter-based approaches, Zero Trust operates on a “never trust, always verify” principle, which mitigates the risk of unauthorised access and curbs the spread of a threat even after a breach has occurred. Zero Trust Segmentation, a key facet of Zero Trust, reinforces the strategy by compartmentalising the network: only the connections between workloads that have been explicitly allowed are permitted, and everything else is denied by default. Such upgrades are not mere IT tactics; they are strategic initiatives that deserve board-level attention.

In the Battle of Britain, radar was a game-changer: it shifted air defence from reactive to proactive, allowing fighters to be scrambled before enemy aircraft reached British airspace. Zero Trust and Zero Trust Segmentation offer a comparable anticipatory advantage in cybersecurity, putting defences in place before an attacker arrives rather than improvising them once the attacker is inside.

Just as military intelligence is restricted to personnel with the appropriate clearance, Zero Trust grants access only to those who explicitly require it, minimising the attack surface. Zero Trust Segmentation, in turn, isolates compromised network segments to prevent an attacker’s lateral movement, much as encirclement has worked in historical military campaigns.

For instance, in the Battle of Stalingrad, the Soviets managed to encircle and isolate the German forces in the city. This encirclement, known as Operation Uranus, cut off supplies and reinforcements and eventually forced the surrender of the German Sixth Army, marking a turning point in the Second World War. In a cyber context, Zero Trust Segmentation acts as a modern-day encirclement tactic, isolating attackers and cutting them off from critical assets, thereby neutralising the threat they pose. Combined with technologies such as Zero Trust Network Access (ZTNA), organisations can significantly strengthen their defences against the adversaries they face every day.
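To make the two claims above concrete, here is an added illustration of how a default-deny segmentation policy limits lateral movement, and how quarantining a compromised workload completes the "encirclement". It is example code written for this page, not Illumio's product or its policy language; the workloads, labels, ports and rules are constructed for the example, and the label-based rule format is an assumption. It also contrasts the segmented policy with the flat, perimeter-only network it replaces, and computes the "blast radius" an attacker would have from one compromised host in each case.

```python
"""Default-deny microsegmentation versus a flat network: blast-radius model.

Added illustration, not Illumio's product or policy language.  Every workload,
label, port and rule below is constructed for the example.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    labels: frozenset   # e.g. frozenset({"role:web"})
    listens: frozenset  # TCP ports the workload exposes


@dataclass(frozen=True)
class Rule:
    src_label: str      # label the source must carry
    dst_label: str      # label the destination must carry
    port: int           # destination port permitted


@dataclass(frozen=True)
class SegmentationPolicy:
    """Allow-list policy: a flow is permitted only if some rule explicitly matches.

    Anything not matched is denied by default, including traffic between peers
    in the same tier (web-1 to web-2), which a flat network would allow.
    """
    rules: tuple = ()
    quarantined: frozenset = frozenset()   # workloads cut off from all traffic

    def allows(self, src: Workload, dst: Workload, port: int) -> bool:
        if src.name in self.quarantined or dst.name in self.quarantined:
            return False
        return any(
            r.src_label in src.labels and r.dst_label in dst.labels and r.port == port
            for r in self.rules
        )

    def quarantine(self, name: str) -> "SegmentationPolicy":
        """Return a policy with `name` isolated: the encirclement response."""
        return SegmentationPolicy(self.rules, self.quarantined | {name})


class FlatNetwork:
    """Pre-segmentation baseline: inside the perimeter, anything can reach anything."""

    def allows(self, src: Workload, dst: Workload, port: int) -> bool:
        return True


def blast_radius(inventory, policy, compromised: str) -> dict:
    """Workloads an attacker starting on `compromised` can connect to, with hop count.

    Breadth-first search over permitted flows: from any host already reached,
    the attacker can pivot to any host whose listening port the policy allows.
    Returns {name: hops}; the starting host itself is excluded.
    """
    by_name = {w.name: w for w in inventory}
    reached = {compromised: 0}
    queue = deque([compromised])
    while queue:
        here = by_name[queue.popleft()]
        for target in inventory:
            if target.name in reached:
                continue
            if any(policy.allows(here, target, p) for p in target.listens):
                reached[target.name] = reached[here.name] + 1
                queue.append(target.name)
    reached.pop(compromised)
    return reached


# Constructed inventory: a three-tier app, a backup server and an admin jump host.
INVENTORY = (
    Workload("web-1", frozenset({"role:web"}), frozenset({443})),
    Workload("web-2", frozenset({"role:web"}), frozenset({443})),
    Workload("app-1", frozenset({"role:app"}), frozenset({8443, 22})),
    Workload("db-1", frozenset({"role:db"}), frozenset({5432, 22})),
    Workload("backup-1", frozenset({"role:backup"}), frozenset({443, 22})),
    Workload("jump-1", frozenset({"role:admin"}), frozenset({22})),
)

# Constructed policy: only the application's legitimate flows are allowed.
SEGMENTED = SegmentationPolicy(rules=(
    Rule("role:web", "role:app", 8443),     # web tier calls the app API
    Rule("role:app", "role:db", 5432),      # app tier queries the database
    Rule("role:backup", "role:db", 5432),   # backup server pulls from the database
    Rule("role:admin", "role:app", 22),     # admins SSH from the jump host only
    Rule("role:admin", "role:db", 22),
    Rule("role:admin", "role:backup", 22),
))

if __name__ == "__main__":
    print("flat network  :", blast_radius(INVENTORY, FlatNetwork(), "web-1"))
    print("segmented     :", blast_radius(INVENTORY, SEGMENTED, "web-1"))
    print("quarantined   :", blast_radius(INVENTORY, SEGMENTED.quarantine("web-1"), "web-1"))
```

On the flat network a compromised web-1 can connect to all five other hosts in one hop. Under the segmented policy it can reach only app-1 directly and db-1 by pivoting through app-1, while web-2, backup-1 and jump-1 are unreachable; once web-1 is quarantined it reaches nothing. The remaining two-hop path is the caveat a practitioner should note: segmentation confines the attacker to the application's own allowed flows, so those flows still need hardening, monitoring and a quarantine response of their own.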

Building cyber resilience for a new generation of cyber warfare

This proactive approach to cybersecurity is what board members should be championing if they truly want to build resilience against modern cyber threats. The need for radical change in security is not just an IT concern; it is a business imperative that calls for collective effort.

Today, a priority for cybersecurity is maintaining operations during an active attack. The good news is that we are finally heading in the right direction: new regulation such as NIS2 and DORA means cybersecurity is at last getting its place on the board agenda. But there is a way to go before the war is won. Success will depend on organisations’ ability to equip themselves with strategies and technologies purpose-built to counter modern adversaries. By adopting a more proactive stance, we can defend critical assets, from national infrastructure to personal data, far more effectively.

About the Author

Raghu Nandakumara is Senior Director of Industry Solutions at Illumio, based in London, UK, where he is responsible for helping customers and prospects through their segmentation journeys. Previously, Raghu spent 15 years at Citibank, where he held several network security operations and engineering roles.
