How to avoid getting caught in ransomware's crosshairs
Paying off a bad actor who has successfully deployed ransomware in an organization is the enterprise equivalent of rewarding a bad child who vandalized a home with candy -- but unfortunately, many organizations have no choice but to pay… and pay a lot.
Technology has enabled asymmetric attacks. In other words, one attacker can federate an attack across many organizations. The attacker needs to get the attack right once -- while the defenders (corporations, governments, hospitals, etc.) need to get their defense right every… single… time!
That asymmetry has been amplified through COVID -- before, an organization could rely on its laptop defenses and network defenses. With such a large swath of the world working from home -- and only protected by their endpoint technology -- the scales have tipped even more in the attacker’s favor.
The results are massive, yet unsurprising: ransomware costs are forecasted to reach a record $20 billion by 2021, according to Cybersecurity Ventures. Organizations around the world are finding themselves defending against a barrage of ransomware attacks and many end up either having to risk a large-scale public exposure or having to pay the price.
As ransomware and bad actors evolve at a rapid and ruthless pace, one of the most surefire ways to protect your organization, your assets, and your information is by implementing a Zero Trust strategy. Let’s explore what Zero Trust is and how it can help your organization stay protected and secure.
Defining Zero Trust
At a high level, Zero Trust means you do not trust anything or anyone, inside or outside your network -- you deny access by default and only allow access to those that you absolutely know and trust. Zero Trust is a philosophy, a strategy, and an approach. It is not one single product or solution.
A Zero Trust approach starts with the mindset that one workload or endpoint is already compromised, and that any system (compromised or not) should only be able to communicate with the systems it absolutely needs to for a legitimate business reason.
In other words, the systems in your organization should only be able to communicate with one another for business reasons -- many people are surprised to find that this is not currently the case. The fact that devices in your organization can communicate freely makes one compromised system a goldmine for bad actors.
If an operator assumes that one host is compromised, then ransomware can only impact one host -- it would effectively be like a host having a broken hard drive, a common occurrence for IT shops. This is fundamentally different than an entire estate being held hostage.
Ransomware attacks and breaches are not entirely preventable, but a Zero Trust approach largely prevents a successful attack from becoming a crippling, large-scale breach.
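The containment argument above can be checked against a flow allowlist. The following is an added example, not from the original article, and its host names and flows are constructed: it compares how far one compromised laptop can reach on a flat network versus under a default-deny allowlist, and flags observed connections the allowlist does not explain.

```python
from collections import deque
from itertools import permutations

# Constructed inventory and policy for illustration only.
LAPTOPS = ["lap-01", "lap-02", "lap-03", "lap-04"]
SERVERS = ["sso", "hr-app", "hr-db", "file-srv"]
HOSTS = LAPTOPS + SERVERS

# Flat network: every host may open a connection to every other host.
FLAT = set(permutations(HOSTS, 2))

# Default-deny: only flows with a stated business reason are allowed.
ALLOWLIST = {(lap, "sso") for lap in LAPTOPS}   # everyone signs in
ALLOWLIST |= {
    ("lap-01", "hr-app"),    # HR user needs the HR application
    ("hr-app", "hr-db"),     # the application needs its database
    ("lap-03", "file-srv"),  # one team uses the file server
}

def blast_radius(start, flows, max_hops=None):
    """Hosts reachable from `start` by chaining allowed flows (BFS).

    max_hops=1 gives direct reach only; None gives the worst case in
    which every host reached is itself compromised in turn.
    """
    neighbours = {}
    for src, dst in flows:
        neighbours.setdefault(src, set()).add(dst)
    seen, queue = {start: 0}, deque([start])
    while queue:
        host = queue.popleft()
        if max_hops is not None and seen[host] >= max_hops:
            continue
        for nxt in neighbours.get(host, ()):
            if nxt not in seen:
                seen[nxt] = seen[host] + 1
                queue.append(nxt)
    return set(seen) - {start}

def unexpected_flows(observed, allowed):
    """Observed connections that no allowlist entry explains."""
    return sorted(set(observed) - set(allowed))

if __name__ == "__main__":
    for name, flows in (("flat", FLAT), ("default-deny", ALLOWLIST)):
        for lap in ("lap-01", "lap-02"):
            print(name, lap, sorted(blast_radius(lap, flows)))
```

In this constructed policy no laptop can reach another laptop, but lap-01 still reaches hr-db in the worst case through hr-app, which is why every allowed flow needs its own business justification.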
Why Zero Trust? Why now?
If 2020 was the year of digital acceleration (when organizations across industries fled to the cloud and from the office), 2021 will likely be the year of threat immersion. Consider all of the workers that have been at home since shelter in place began -- at some point next year, they’ll once again go back into their enterprises. When that happens, bad actors, who have been waiting for that day, will suddenly be able to move freely -- and compromise other systems connected to that network.
In a time when the laptop is one of the most critical assets for an organization, endpoint security is a crucial part of business resiliency. If ransomware infects one laptop, that means one employee, and perhaps their team, will have a few unproductive days while they wait to get set up on a new laptop. What if the ransomware on that employee’s laptop had spread to 10, 100, or even 1,000 other laptops? What’s the continuity plan if 1,000 employees are unexpectedly offline for three-plus days? Cyber resiliency is now synonymous with business resiliency.
Organizations that adopt a Zero Trust posture will assume that every laptop, system, and device that is reintroduced into the network has already been compromised, and because each one can only communicate where it needs to, ransomware will not be able to propagate. Those organizations already have cyber resiliency.
The best way to defend against attackers (present or future) is to proactively mitigate their reach. If there were ever a time to adopt Zero Trust, it is now.
The road ahead -- where hope is not a strategy
In 2021, it won’t be enough to hope for the best -- cybersecurity leaders have to plan for it.
It can be a daunting task to fully implement Zero Trust -- CIOs and CISOs need to map out strategies and put their cybersecurity plans in place. The first step is implementing a Zero Trust mindset.
Once an organization implements a Zero Trust mindset, the next step is prioritization -- don’t try to do it all at once. Work with your greater team to understand what the most important data and assets are to your organization and start there. Implement solutions that will better protect your company’s crown jewels.
Some of the best ways to get started with Zero Trust are to leverage scalable cybersecurity solutions like micro-segmentation or Zero Trust-based endpoint security solutions. At an individual user level, Zero Trust tools like multifactor authentication (MFA) and single sign-on (SSO) can also be helpful to implement across your organization.
All in all, there are plenty of Zero Trust solutions on the market to help you and your organization get started. But as ransomware continues to take off through the end of the year and well into 2021, now is not the time for a 'hopeful' cybersecurity strategy.
Hope is not a strategy -- Zero Trust is.
As senior vice president of Product Management at Illumio, Matt Glenn is responsible for the company’s product lines and product strategy. Prior to Illumio, he was vice president of Product Management for the Network Security business unit at McAfee, supporting its Firewall, Intrusion Detection System, Email Security, Web Security, Data Loss and Prevention, and Identity product lines. Before McAfee, Matt was founder and CEO of PlantSense, an Internet of Things start-up that created the EasyBloom Plant Sensor, whose sensor technology was sold to Parrot SA.