Lee Ealey-Newman, VP Channel EMEA & APAC, ColorTokens
By 2025, at least 75% of IT organisations will face one or more ransomware attacks, according to Gartner.
Ransomware can be released into the wild by cybercriminals and be unwittingly and easily spread across networks by employees working in offices and remotely. Just one staff member among thousands in an organisation can crash and lock all the data systems of their employer by accidentally opening an email loaded with ransomware.
Once the deed is done that organisation will be subject to the ransom demands of the criminals that have spread the rogue code, who can then ask for big bucks (sometimes running into millions of dollars) in return for a digital key to unlock the organisation’s data.
The number of ransomware attacks has been steadily climbing for a number of years, and their threat arguably got the most attention around five years ago, when a ransomware attack was unleashed globally that hit organisations of various sizes including the UK National Health Service, Britain’s largest employer. As a result, many doctors, nurses and other staff could no longer use computer systems and were forced to only use handwritten notes to look after patients, until the systems were able to be slowly cranked back up again after a number of days.
So, what can companies and other organisations do to protect themselves from ransomware?
Probably the first thing they can do is realise that it is only a matter of time before ransomware leaks onto their network. The days of only relying on perimeter defences—like firewalls and anti-virus software—to protect you from outside threats are long gone.
We’ve already seen the evolution of data protection towards searching for threats outside your perimeter, including in the cloud, which can lead to alerts being sent to your systems to allow them to prepare their defences. But the creation of new threats and their number is so great these days that even the best-prepared defences can still be breached with previously unknown threats—often labelled “zero day” attacks.
Protection systems to mitigate, manage, and eradicate zero day attacks that have breached your network are essential, and the companies—and governments—that realise this are adopting Zero Trust architecture.
In response to the rising threat from ransomware, earlier this year, US President Joe Biden signed an Executive Order mandating public bodies to use Zero Trust technology and said he expected private companies to follow suit (particularly those going after government contracts).
Instead of just reacting to major incidents, Biden wants the US government and enterprises to do more to prevent them.
The Zero Trust architecture eliminates implicit trust from IT systems and assumes that every user and every device on the network is a threat to data security. It treats all data traffic as untrusted, requiring strict identity verification for every user, device, and process before granting any permissions.
Such an approach acknowledges that the biggest threats to security can come from lateral movement within a network, so if something untoward is detected on the network, it has to be stopped and quarantined there and then.
But while Zero Trust grants the least access possible to systems, effective deployments still enable legitimate system users to do their jobs effectively.
As a first step to adopting Zero Trust, organisations should move towards network segmentation. This is the practice of dividing networks into different logical segments and having complete control of the traffic going through and between those segments. It is designed to reduce the attack surface, preventing threats from spreading laterally throughout an organisation.
To do this, businesses need a full view of all networks within the organisation. You must have visibility into the network, application, workload and process levels, as well as a view into multi-cloud or on-premise data centres where data assets are distributed across all geographies.
This may sound complicated, but the good news is that today’s advanced security technologies can help businesses achieve the required visibility very quickly and help them to efficiently divide networks and the workloads that go over them into the logical segments mentioned. The result is that users are efficiently supported with their data access requirements in line with their actual needs, while meeting the business’ security demands.
For large organisations, continually and dynamically updating the access privileges of users and devices on the network to reduce risk is potentially a big task. But again, the security systems available in the Zero Trust space offer automation to complete the process through analytics and machine self-learning.
Organisations can learn and check as they go along with their Zero Trust deployments by gradually rolling out different parts of their network equipped with the technology that can then come together to meet their overall Zero Trust aims.
With all that said, now is the time for organisations to make their first move towards more effective protection against the rising threat of ransomware.
About the Author
Lee Ealey-Newman is the VP Channel EMEA & APAC, ColorTokens.