Why ransomware makes zero trust model necessary

Ransomware is turning out to be a CISO's nightmare. The US has given ransomware hacks a priority similar to terrorism. Remote working models have exacerbated ransomware risks.
Mitesh Jain, country manager for the India region at Akamai Technologies, said ransomware attacks are increasing in intensity every year and new attacks are striking every 11 seconds.“While the threat of data loss alone is disturbing, cyber criminals are now sophisticated enough to use ransomware to cripple large enterprises and governments. Half of enterprises in India have suffered multiple ransomware attacks, and 76% were hit by at least one ransomware attack in the past 12 months,” he said. Many of these companies, he said, have given in to the extortion demands of attackers.

Rama Vedashree, CEO of Data Security Council of India (DSCI), said the emergence of ransomware-as-a-service has become a particularly big menace for companies and countries. This is where those who have the expertise to launch ransomware attacks offer their services to those who don’t have the skillsets, markedly increasing the scope for such attacks. “The way these attacks happen in one part of the world, and then get launched in other parts of the world, and the speed at which they are getting launched, this is worrying every CISO,” she said.
All this is compounded by other factors. The potential attack surface is growing rapidly with continued work from home, and the rise in internet-enabled devices. There’s also a lack of skilled cyber security professionals.
Jain said the way out is to move away from the old perimeter-centric approach to cyber security, and move to a zero trust model. Zero trust is a network security model based on a strict identity verification process – only authenticated and authorised users and devices can access applications and data. The principle is, never trust anyone, always verify.
Jain said enterprises should also shift their security stack right to the edge of the internet, so that the attack traffic can be blocked right at its source.
Another technology that Akamai has, following its acquisition last year of Guardicore, is what is called micro-segmentation. This solution logically divides the enterprise into distinct security segments, down to the individual software and workload level, with well-defined security controls for each. Ariel Zeitlin, co-founder of Guardicore, and now CTO of the enterprise security group at Akamai Technologies, said this approach reduces the “blast radius.” It restricts the malware to a particular segment, preventing its proliferation across the enterprise. “It’s part of a bigger approach of zero trust. It doesn’t let you effectively control any access, connection or data point,” Zeitlin said.