
Will zero-trust become the mainstream solution to ransomware?

John Oliver performs during the Stand Up for Heroes event to benefit the Bob Woodruff Foundation at The Hulu Theater at Madison Square Garden on November 04, 2019, in New York City. Today’s columnist, Ofer Israeli of Illusive, points out how Oliver spent an entire program on ransomware of late, and ponders whether zero-trust can get the same mainst...

Ransomware has become such a common cybersecurity threat that it has reached mainstream media. As organizations turn to zero-trust security as a solution, will zero-trust also reach mass appeal?

For those of us who work in cybersecurity it’s easy to forget that not everyone speaks our language. That’s why it was so exciting to see Last Week Tonight with John Oliver spend an entire episode devoted to ransomware, as he introduced millions of viewers to his take on this pervasive cyber threat.

Oliver suggested a few best practices for preventing ransomware: Enable multi-factor authentication, install patches, and don’t click on suspicious links, or in his own words, “just lock your door.” Perfect advice for a TV audience.

Of course, security pros will realize that a few pieces of the puzzle are missing. Leaving a company’s ransomware defenses with John’s practical advice would almost certainly lead to any number of attacks.

The rest of the picture

Although Oliver briefly acknowledged the pandemic while discussing ransomware attacks on healthcare systems, a discussion of securing remote workers was entirely absent from the rest of his performance, even though most organizations have spent more than a year working from home.

Over the past decade, digital transformation and cloud migration have pushed the need for security beyond the traditional network perimeter. The past 18 months of remote work have been the straw that broke the camel’s back.

According to IDC’s report, Defeating Ransomware Requires a Deterministic Cybersecurity Game Plan, by Chris Kissel: The surface that the security analyst defends has expanded and become more diverse. Businesses use multiple cloud environments and multiple dedicated datacenters, and they increasingly use applications.

According to Kissel, once the network considers an end user authentic, the network will maximize the efficiency of the user experience. The adversary sees the east-west mappings and can then begin to access sensitive data/servers. If server information has not been made directly accessible, the information necessary to make the next lateral move becomes apparent.

These lateral attack movements are difficult to detect and are part of the reason that ransomware attacks are so successful. Remote work has served as a force multiplier for attacks, since admins who need to manage remote devices connect with remote desktop protocol (RDP), which may leave valuable breadcrumbs for attackers.

When a remote worker can use their own PC from a home Wi-Fi network to access enterprise resources in the cloud, how can cybersecurity control this access? The answer is zero-trust.

Growing adoption for zero-trust

A recent Microsoft survey of more than 1,200 security decision-makers found that 90 percent of respondents were familiar with zero-trust and 76 percent were in the process of implementation. However, we still have a long way to go.

The Microsoft Zero Trust Maturity Model includes six foundational elements that serve as “a control plane for enforcement, and a critical resource to be defended.” Identities and devices sit to the left of applications, data, infrastructure and networks, with security policy enforcement in the middle. Essentially, security teams must manage and secure identities and devices because they provide valuable access to applications, data, infrastructure, and networks. At its core, zero-trust “locks the door.”

In taking a closer look at the Microsoft survey, none of these security risk areas have passed the tipping point for zero-trust implementation. For example, only 38% of organizations have currently implemented zero-trust for identities, even though it’s one of the most popular starting points. Among zero-trust implementations for identities, the most important components are strong authentication, automatic risk detection and remediation, and adaptive access policies.

Consider our example in which privileged credentials have been cached on a remote device from RDP access. Even if that user or device becomes compromised, strong authentication could prevent unauthorized access, automatic risk detection and remediation could have identified and removed those risky credentials, and adaptive access policies could force a user to reset their password.

These are the guiding principles of zero-trust in action:

  • Verify explicitly: use strong authentication.
  • Least privilege access: consider adaptive access policies.
  • Assume a breach: leverage automatic risk detection and remediation.
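To make the three principles concrete, here is a small adaptive access policy engine written as an added example; it is not code from the column, from Illusive, or from Microsoft. It maps the column’s scenario (privileged credentials cached on a remote device after RDP use) onto a decision: verify explicitly (step up when strong authentication is missing), least privilege (deny sensitive resources from unmanaged or non-compliant devices), and assume breach (force a credential reset when a risk signal says the credential is exposed). The signal names, sensitivity levels, thresholds and sample requests are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"                # re-verify with a strong factor before access
    RESET_AND_DENY = "reset_and_deny"  # remediate exposed credential, block until reset
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    # All fields are assumed signals a policy engine would receive (constructed for the example).
    user: str
    device_managed: bool        # enrolled in device management
    device_compliant: bool      # meets patch/config baseline
    mfa_satisfied: bool         # strong authentication completed in this session
    privileged_role: bool       # admin-level identity
    resource_sensitivity: int   # 0 = public ... 3 = most sensitive (assumed scale)


@dataclass(frozen=True)
class RiskSignals:
    # Output of an assumed "automatic risk detection" step, e.g. an endpoint scan.
    credential_cached_on_unmanaged_host: bool
    known_compromised_password: bool
    unusual_location: bool


def evaluate(req: AccessRequest, risk: RiskSignals) -> Decision:
    """Return an access decision following verify-explicitly, least-privilege, assume-breach."""
    # Assume breach: an exposed credential is remediated, not merely re-authenticated.
    if risk.known_compromised_password:
        return Decision.RESET_AND_DENY
    if risk.credential_cached_on_unmanaged_host and req.privileged_role:
        # The column's RDP example: admin credentials left on a remote device.
        return Decision.RESET_AND_DENY

    # Verify explicitly: no strong authentication, no access (regardless of network location).
    if not req.mfa_satisfied:
        return Decision.STEP_UP

    # Least privilege: sensitive resources only from managed, compliant devices.
    if req.resource_sensitivity >= 2 and not (req.device_managed and req.device_compliant):
        return Decision.DENY

    # Adaptive policy: anomalous context on sensitive data triggers re-verification.
    if risk.unusual_location and req.resource_sensitivity >= 2:
        return Decision.STEP_UP

    return Decision.ALLOW


def decide_batch(pairs):
    """Evaluate several (request, risk) pairs and return {user: decision value}."""
    return {req.user: evaluate(req, risk).value for req, risk in pairs}


# Constructed sample requests (not real users or devices).
NO_RISK = RiskSignals(False, False, False)
SAMPLES = [
    # Admin whose credentials were cached on a home PC after an RDP session.
    (AccessRequest("admin-rdp", False, False, True, True, 3),
     RiskSignals(credential_cached_on_unmanaged_host=True,
                 known_compromised_password=False, unusual_location=False)),
    # Remote worker on a personal laptop reaching a sensitive file share without MFA.
    (AccessRequest("worker-nomfa", False, True, False, False, 2), NO_RISK),
    # Same worker with MFA, but the device is unmanaged: least privilege denies.
    (AccessRequest("worker-unmanaged", False, True, True, False, 2), NO_RISK),
    # Managed, compliant, MFA-satisfied user reading a low-sensitivity app.
    (AccessRequest("worker-ok", True, True, True, False, 1), NO_RISK),
]

if __name__ == "__main__":
    for user, decision in decide_batch(SAMPLES).items():
        print(f"{user:18s} -> {decision}")
```

The ordering of the checks is the design point: risk signals are evaluated before authentication so that a cached or compromised credential is remediated even when the holder can pass MFA, which is what the column means by “assume a breach.”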

From digital transformation to cloud migration to the hybrid work era, zero-trust has become a force. Organizations that have already turned to zero-trust will certainly find it easier to embrace the competitive advantages of these trends because they will protect access to their critical resources. Identities are the new perimeter, which organizations must protect from lateral attack movement.

Ofer Israeli, founder and CEO, Illusive
