How Zero Trust can lead the battle against ransomware

How Zero Trust can lead the battle against ransomware

Sydney-based Ian Farquhar, Field CTO, Gigamon, tells us how in a world where the workforce has shifted significantly to a ‘work anywhere, work anytime’ model, embracing Zero Trust makes sense.

Zero Trust has become a well-recognized framework in the cybersecurity world. SecOps teams are championing this ‘trust no-one’ strategy to support the fight against the escalating risk of cybercrime, and in helping to monitor threat actors across their network.

Ian Farquhar, Field CTO, Gigamon

In fact, research by my company found that 70% of IT leaders agree that Zero Trust would enhance their IT strategy.

In short, this approach to security eradicates the implicit trust often given to internal traffic within a network. This security-first mindset also benefits business efficiency; 87% of IT teams believe productivity has increased since the start of their Zero Trust journey, as systems run faster and downtime is reduced due to fewer breaches.

However, the threatscape is evolving. Ransomware now represents one of the biggest threats to businesses across the world and many are falling victim to catastrophic attacks. This type of malware surged by 82% in 2021 and it shows no signs of stopping, especially as 82% of British firms which have been victims of ransomware attacks reportedly paid the hackers to get back their data.

So, can Zero Trust architecture (ZTA) help organizations to protect themselves from one of the biggest threats in today’s cyber landscape?

What does Zero Trust mean today?

When putting trust into something, we should always have a rational reason for doing so. However, this has not always been the case in IT. Instead, for years IT teams have used approximations for trustability, often because mechanisms to support trust-measurement were not practical in the past. This could be because an organization owns a system, if a user is an employee or if the network has previously been secure.

Yet these are not actual trustability measurements, instead they are gross approximations often based on assumptions. When that trust assumption fails, risk is introduced. And when a threat actor recognizes those assumptions are part of an organization’s security strategy, they can use them to evade network controls and cause problems for cybersecurity.

Zero Trust changes this. It measures dynamically whether something is trustworthy by analyzing how it works and assessing whether an organization has a rational basis for trusting it and allowing the connection.

This is not only the case for entire systems, but also for individual devices, security mechanisms and users. Given the prominence of BYOD policies and remote working, it is essential that trust is earned rather than given freely, and all users should be considered threats until proven otherwise.

In a world where the workforce has shifted significantly to a ‘work anywhere, work anytime’ model, embracing a ZTA simply makes sense.

By introducing micro-segmentation, which separates data, assets and applications and represents a key pillar to ZTA, organizations can stop one compromised device becoming an entirely disrupted network.
One famous instance is the Las Vegas casino that was hacked through its IoT thermometer in an aquarium in the foyer. From here, the attacker was able to access the casino’s entire network. How can businesses protect themselves from this level of threat?

With IoT expanding, and adversaries clearly using more innovative tactics and techniques to breach a system, Zero Trust has to be part of the security strategy.

Deep observability

The cornerstone of ZTA is visibility. A clear view across all data in motion, from the cloud to the core, means that IT teams can best understand any threat to their network. From here they can authorize safe activity, as well as detect undesirable application behavior and analyze the metadata that will detail the origin and movement of an attack.

In other words, organizations cannot protect against what they cannot see. The deeper the level of observability into a network, the more insight an IT team can gather and then action to improve their entire security posture. This is actually explicitly required by NIST SP 800-207, the gold standard of Zero Trust.

The very nature of ZTA is deep and thorough inspection of all users and all data, including encrypted traffic. With this architecture and micro-segmentation in place, it will also stop cybercriminals moving laterally within a network, meaning that adversaries looking to traverse an IT infrastructure and deploy ransomware across more critical data will be unable to do so.

Over recent years, cybercriminals have become far more savvy and sophisticated in how they deploy this kind of malware. An attack in today’s climate typically will be carefully considered and strategically targeted against known vulnerable organizations that store critical data.

It is also common for bad actors to penetrate a network and lie dormant for months at a time. Visibility is central in the fight against ransomware: by eradicating blind-spots across the network, adversaries will no longer be able to exist on a network undetected. With Zero Trust and deeper observability into all data, criminal dwell time can be cut dramatically from the current average of 285 days.

It’s important to remember that Zero Trust is not the singular silver bullet to ransomware protection. However, paired with visibility, it will be essential for bolstering a company’s cyber posture. By prioritizing deep observability, ZTA becomes far easier to introduce and ransomware threats will become far easier to detect.

Browse our latest issue

Intelligent CISO

View Magazine Archive