Sponsored Post: Narendran Vaideeswaran, CrowdStrike Director, Product Marketing, Zero Trust.
Ransomware is a dangerous and evolving threat to organizations of every size, industry and geography. As ransomware operators and affiliates refine and evolve their strategies, security teams must ensure they have the strongest, most proactive protections in place to defend against this threat.
This year’s Verizon Data Breach Investigations Report (DBIR) reported a continued upward trend in ransomware activity, which increased 13% in 2021—an increase as large as the past five years combined. Ransomware was present in nearly 70% of malware breaches, the report states. Ransomware-related data leaks were up 82% in 2021, CrowdStrike’s 2022 Global Threat Report found, and the cost of ransomware attacks amounts to $4.54M USD, according to the latest IBM Cost of A Data Breach Report. While this is slightly lower than the $4.62M USD average last year, it comes alongside another troubling statistic: ransomware attacks made up 11% of all cyberattacks IBM evaluated, an increase from 7.8% in 2021.
Not only is ransomware increasing; adversary tactics are changing. Recent years have seen the rise of ransomware as a service (RaaS), a business model in which “affiliates” pay ransomware operators to launch ransomware campaigns using attacks the operators developed. This model allows affiliates to deploy destructive campaigns, even if they lack the time or skills to create their own ransomware variants. There is also the growing trend of double extortion campaigns, in which adversaries exfiltrate a victim’s data in addition to encrypting it. This gives the threat actors greater leverage to extort payment.
What does all this mean for organizations working to protect themselves? Point products aren’t enough to stop ransomware as these campaigns grow more frequent and sophisticated. Here, we discuss how a holistic security approach leveraging a Zero Trust strategy will reduce the attack surface and impede the progression of a ransomware attack.
Modern adversaries don’t follow a consistent or linear attack pattern. They are constantly evolving to find the easiest and shortest path to achieve their goals—and they must be stopped as soon as possible, wherever they are in the attack lifecycle.
The following steps can help organizations better prepare for, and protect against, attacks with the adoption of a few Zero Trust principles:
Gain unified visibility into the attack path: Regardless of where the adversary begins an attack, their activity should never go unnoticed—and you can’t protect assets you don’t know about. Security teams should discover all endpoints, identities and applications to get full attack visibility across assets including endpoints, identity stores, workloads, data and container environments, and also choose the platform that can connect the dots and provide them visibility into the full attack path.
Leverage behavioral data to detect changes in risk: Behavioral analytics from endpoints, users and applications can help detect deviations from baseline behavior, increasing the likelihood of earlier threat detection. A login coming from a valid account, but from an unknown or unmanaged endpoint, should be detected and possibly blocked or challenged using multifactor authentication (MFA).
Use segmentation to reduce the attack surface: Identity segmentation restricts access to applications and resources based on identities, effectively shrinking the attack surface by enforcing risk-based policies in real time to restrict access based on workforce identities. These identities could be human accounts, service accounts or privileged accounts, among others. Identity segmentation enables organizations to define granular, scalable policies, better contain breaches by preventing lateral movement—a key component in many ransomware attacks—and improve regulatory compliance.
Protect legacy systems: When a vendor stops providing support for software, it leads to security gaps that make it easier for an adversary to break in. Legacy systems, or outdated software and hardware that organizations rely on, often contain vulnerabilities and are at the core of many cyberattacks. These vulnerable systems create a much larger attack surface.
There are steps organizations can take to strengthen the security of their legacy systems. Strong endpoint protection, and identity verification through frictionless MFA, can help by stopping code execution and preventing identity access for ransomware adversaries. Securing legacy systems is a key component of protecting against modern attacks including ransomware, supply chain attacks and account takeover.
Implement continuous authentication: Continuous authentication constantly evaluates user behavior patterns in order to verify their identity throughout a session without disrupting workflow. Rather than only authenticating users when they log in, continuous verification collects information about user behavior so it can distinguish between normal and abnormal activity. If an application notices a deviation from usual behavior, it may prompt the user to authenticate in case this is an indication of malicious activity.
When you start or continue your Zero Trust journey, it’s essential to get the fundamentals correct and choose a platform that can provide strong endpoint and identity protection, scale and integrate with your existing security tool investments, and adhere with industry standards like the NIST 800-207, Forrester ZTX and CISA maturity model.
Zero Trust is essential for organizations seeking the strongest possible protection in the ongoing fight against ransomware. Adversaries continue to develop stealthier and more devastating attacks, and the threat to organizations is only growing over time. A frictionless Zero Trust approach can fortify your defenses and stop modern cyberattacks targeting your business.