A new report released today by Akamai Technologies calls out the increasing number of ransomware attacks but finds a prime method of recovering from them isn’t being used often enough.

The report, entitled The State of Segmentation 2023, surveyed 1,200 computer professionals working for large companies from around the world. It found that though microsegmentation is one of the best ways to protect their digital assets, fewer than a third of respondents were using more than a couple of network segments.

The term refers to segregating networks into smaller pieces, with application-based firewalls and other protective measures, as a security measure that can often stop attackers from roaming freely across an enterprise’s infrastructure. It’s also useful for having security controls and services delivery tuned for each particular application.

Microsegments work: Organizations that have used them have found that the recovery time from an attack can be reduced to four hours on average, which is 11 hours faster than those that haven’t deployed the technique. “Imagine the difference those 11 hours make to your team, customers, brand reputation and revenue,” wrote Steve Winterfeld, Akamai’s advisory chief information security officer.

Interestingly, the leading microsegment proponents by nationality, according to those surveyed, are Indian, Mexican and Japanese companies. American companies came in second-to-last place in that list, with Brazilian companies last.

The biggest obstacles to segmentation, according to the report, are a lack of expertise in how to implement them or a fear of poor network performance. That’s curious, since segmentation is far from a new concept, so the reticence shows a lot of folklore rather than any basis in facts. Other reasons cited for slow adoption are shown in the accompanying chart.

There is a double standard when it comes to microsegments, according to the report. For example, 5% of public sector respondents report having no segmentation — even though 93% recognize its importance. That was the lowest adoption rate among the various organization types.

Microsegments are just one aspect of implementing a zero-trust architecture. Others include role-based access and continuous authentication. The goal here is to protect all workloads and applications, no matter where they’re located, and to provide this protection at a granular level and contemporaneously when users access particular data.

The report also found ransomware attacks among the surveyed population has doubled since a similar survey was done two years ago, with U.S.-based companies still the biggest targets.

Image: Akamai