Sponsored Post: Palo Alto
Maybe it's folklore, but evidently there was a time when people could leave their doors unlocked and feel safe. If indeed that was the case, it's a bygone era for most people today. Threats aren't just in someone else's backyard anymore. They can be anywhere. Enterprise managers have come to the same realization. Cyberthreats don't just originate from the other side of the firewall. Threat actors and their malicious tools can reside anywhere within your network. "Trust but verify" is an IT mantra that is now obsolete. Everything on your network must be continuously verified if it's going to be allowed to stay connected.
The Philosophy of Zero Trust
That is the concept of Zero Trust. Nothing should be trusted by default. Just because a laptop is joined to the domain, just because a user was properly authenticated or an Internet of Things (IoT) device resides in the correct VLAN, don’t assume anything. For instance, never assume that the user that typed in a password correctly is the designated owner of that user account. Make them offer up further proof of their identity by enforcing some form of multifactor authentication (MFA). Even then, you shouldn’t implicitly trust their intentions. You must enforce a strict interpretation of the principle of least privilege security so that users can only access the resources they need to perform their jobs and nothing more. A Zero Trust strategy is implemented using multiple security layers and methodologies.
Ransomware Is the Elephant in the Room
The practice of trust by default is just too expensive now, as easy money can be made even by ransomware amateurs who can simply purchase Ransomware-as-a-Service subscription plans and be in business. While it takes a lot of resources to defend against ransomware, the barrier to entry for launching an attack has shrunk substantially.
In 2022, ransomware was the No. 1 cybersecurity concern among chief information security officers (CISOs) according to Microsoft’s 2021 Ransomware Survey Report. There’s good reason for this level of concern:
- According to the FBI's Internet Crime Complaint Center, the average ransomware payment rose to $4.7 million in 2022, along with an aggregate loss of more than $10 billion since 2018 due to ransomware.
- The global cost of ransomware is expected to reach $265 billion by 2031.
- The biggest cost to a business is downtime, which is several weeks on average.
It’s numbers like these that will turn even the most trusting of IT personnel into true cynics. Network cynicism is about vigilance, suspicion, and evaluation.
Ransomware Will Cross New Boundaries in 2023
It seems like every time we think we know everything about ransomware, it metamorphoses. According to Palo Alto's 2023 Ransomware and Extortion Report, the extortionists behind these attacks are about to push the boundaries into areas that will further erode any sense of trust that might be left.
- While ransomware attacks in the past haven’t been known to target cloud computing, 2023 will be the year the world witnesses a large cloud ransomware compromise.
- We’ll see an increasing number of insider threats fueled by layoffs, leading to extortion attempts.
- Attackers will infect supply chains with ransomware attacks to distract targeted companies from the true purpose of their attack.
- New infiltration techniques are being created and used to gain initial access to an enterprise such as SEO poisoning and fake software installs and/or updates.
- Alternative extortion methods will be introduced to negate the necessity of encrypting files at all, thus eliminating the need for attackers to have technical skills.
Ransomware needs to be the line-in-the-sand moment that drives enterprises to implement Zero Trust security practices across their network.
It Starts with Identity
To trust someone, you must be able to identify them. It's the same with network devices. The new rule must be: no identity, no access. This doesn't apply just to bring your own device (BYOD) laptops, tablets, and smartphones but also to medical equipment, cameras, and IoT sensors. Identity means being able to capture a profile of a device that includes relevant information such as device type, vendor, hardware version, operating system, AV status, and installed applications. Identity can be established through certificate-based authentication, hardware-based tokens, and identifiers such as MAC addresses and Trusted Platform Module chips. Users must also undergo increased scrutiny using MFA methods such as Fast Identity Online (FIDO) keys, biometrics, or authenticator apps.
Think of Roles, Not Users
Every user and connected device plays a role within the organization. Those roles must be defined and then backed by role-based access control systems or policies that enforce the principle of least privilege, so that users are granted only the minimum level of access required for their assigned roles. Network segmentation should also be used to keep standard users out of privileged areas.
Establishing a Profile
Every user and device in your network should have an expected profile that they can be measured against. User profiles include attributes such as job roles and access privileges while device profiles include things like operating system versions, patch levels, and security configurations.
Users and devices are then expected to behave in line with their profiles while on the network. Continuous monitoring uses AI to readily identify anomalous or abnormal behavior that could indicate a threat such as ransomware. If an anomaly is confirmed, a device can be immediately isolated and quarantined until its trustworthiness can once again be confirmed.
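The three preceding sections (identity, roles, and expected profiles) describe one access decision. The following is an added illustration, not code from Palo Alto or from this post: a small policy evaluator that requires MFA-verified identity, checks the requested resource against the user's role, and compares the device's observed posture (OS version, patch level, AV status, installed applications) with its expected profile, quarantining the device when it deviates. All profile values, role mappings, and the request format are constructed for the example.

```python
from dataclasses import dataclass

# Constructed expected device profiles and role entitlements (illustrative values only).
EXPECTED_DEVICE_PROFILES = {
    "clinical-workstation": {
        "os_version": "10.0.19045",
        "min_patch_level": 202303,          # YYYYMM of the oldest acceptable cumulative update
        "av_status": "enabled",
        "allowed_apps": {"ehr-client", "dicom-viewer"},
    },
}
ROLE_RESOURCES = {"clinician": {"ehr", "imaging"}, "hr": {"payroll"}}


@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool
    device_type: str
    observed: dict      # device posture captured when the device connects
    resource: str


def posture_deviations(device_type: str, observed: dict) -> list[str]:
    """Compare an observed device posture with the expected profile for its type."""
    expected = EXPECTED_DEVICE_PROFILES.get(device_type)
    if expected is None:
        return ["no expected profile for device type"]   # unknown device: no identity, no access
    issues = []
    if observed.get("os_version") != expected["os_version"]:
        issues.append("os_version drift")
    if observed.get("patch_level", 0) < expected["min_patch_level"]:
        issues.append("patch level below baseline")
    if observed.get("av_status") != expected["av_status"]:
        issues.append("av not enabled")
    unexpected = set(observed.get("installed_apps", ())) - expected["allowed_apps"]
    if unexpected:
        issues.append("unexpected apps: " + ", ".join(sorted(unexpected)))
    return issues


def evaluate(req: AccessRequest) -> tuple[str, list[str]]:
    """Return (decision, reasons): 'allow', 'deny' (identity/role), or 'quarantine' (posture)."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("identity not verified with MFA")
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        reasons.append(f"role {req.role} not entitled to {req.resource}")
    deviations = posture_deviations(req.device_type, req.observed)
    if deviations:                      # a drifted device is isolated regardless of who is using it
        return "quarantine", reasons + deviations
    return ("deny", reasons) if reasons else ("allow", [])
```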
The ability to correctly identify users and devices, while ensuring that everyone operates in their approved lanes, makes the job of protecting against ransomware easier and more effective. The challenge is to be able to achieve Zero Trust without having to purchase, manage, or monitor a large, disparate assortment of best-of-breed tools. That's where a single vendor such as Palo Alto can not only make Zero Trust possible but also simplify the path to achieving it.