Not a day goes by without news of businesses worldwide being hit by cyber breaches and ransomware attacks. Data breaches are among the top concerns of business leaders, and if the statistics are any indication, those concerns are valid. According to a recent study, the global cost of cybercrime was projected to reach USD 6 trillion in 2021, with ransomware attacks expected to grow in number and become more disruptive. Further, the share of organizations worldwide reporting a ransomware attack peaked at 68.5 percent in 2021.
Ransomware attacks grab headlines, unlike many other types of cyberattack that largely go unnoticed.
Reimagining the security landscape
Organizations need novel ways to respond to and mitigate cyber risk, given the diverse mechanisms through which ransomware is delivered and the speed, innovation and creativity with which black hats release malware. Just as the world has come to accept that COVID-19 may be with us for a long time, and that rather than waiting for it to vanish we must learn to live with it and mitigate its risks, threats like ransomware will be around in one form or another indefinitely. The key is to become resilient to them: organizations should invest sufficient time and resources in cyber resilience so that the business keeps operating under attack.
Traditionally, the cybersecurity world relied on the organizational security perimeter to defend against such attacks. The perimeter created a "security comfort zone": anything that happened inside it was assumed to be genuine, non-malicious business activity and enjoyed higher privileges and broad access. Organizations invested heavily in tools to strengthen this perimeter, and the model worked well as long as most business activity happened within these organizational boundaries.
However, the pandemic drastically transformed the cybersecurity landscape the world over. In the "new normal," organizations were compelled to let their workforce work from remote locations outside the traditional security perimeter. This left workers relying on unmanaged and insecure last-mile "home networks" and public Wi-Fi, and adoption of BYOD (Bring Your Own Device) also increased during these tumultuous times. This created the perfect opportunity for attackers, who sought new ways to compromise remote employees and their systems and use them as a conduit into the enterprise, bypassing most perimeter security controls. In doing so, they exploited the "assumed trust" built into traditional cybersecurity approaches. Some black hat groups were also observed offering employees quick cash to help install ransomware inside their own organizations.
Such remote working trends were already prevalent before the pandemic, driven primarily by the digital transformation of businesses. The pandemic, like many other changes, forced a fresh look at the cyber defense strategy.
So, what can be done to prevent such intrusions and security violations? Organizations must treat cybersecurity as a strategic priority and adopt a systematic, program-based approach that lays the foundation for a comprehensive security framework: the ability to "anticipate, withstand, recover from adverse conditions, stresses, attacks, or compromises" or, in other words, to become more resilient to cyber security challenges.
Cyber resilience is an organization's ability to put mechanisms in place that sustain its core operations through adverse events, including a ransomware attack. It clearly goes beyond a tool or collection of tools. Cyber resilience enables an organization to defend against cyber threats and to recover and resume business operations at risk-accepted levels both during and after a disruptive event such as a cyberattack. It involves building resilience into business processes, identifying threat vectors systematically, managing risks continuously, and minimizing the severity of the business impact of security incidents.
Building cyber resilience through Zero Trust
The pandemic accelerated the adoption of the "Zero Trust" security model for securing a company's assets. Zero Trust, originally proposed by Forrester alumnus John Kindervag in 2009, centers on the belief that trust is a vulnerability and that security must be designed around the strategy "Never trust, always verify". In other words, the model insists that organizations "trust nothing", whether the entity is outside or inside the traditional security perimeter, and verify every entity that attempts to access enterprise assets. Such an approach replaces the single perimeter with micro-perimeters around individual resources.
The first step is to recognize that Zero Trust is a journey and to determine where the organization currently stands on it. Reasonable maturity in Zero Trust would include the following:
● A comprehensive and robust identity security approach that allows policy-driven, dynamically assessed, risk-based access control to applications. Direct access to the network, workloads and data is removed systematically; access is always to an application, which in turn grants access to other enterprise resources based on business need. Every transaction between every subject (source) and resource (destination) is scrutinized and verified, and access is granted based on dynamically assessed risk. Risk is calculated from a multitude of attributes, such as the behavior of the person or entity attempting to access the enterprise resource. For example, some of the key questions could be: is the person trying to access from a geography that has never been seen before? What is the security health of the workstation from which the access originated? Has the application process involved in this communication exhibited outlying behavior recently?
Access is always viewed through an "assume breach" and "use least privilege" mentality. In other words, every access is scrutinized, and all data movement is secured and tracked.
● Trust is no longer assumed anywhere in the environment. Cloud and hybrid networks are micro-segmented, and security policies gate interaction between the micro-segments. Micro-segmentation isolates each segment from the others, restricting or slowing the spread of a possible breach.
● Threat detection is intelligence-driven, leverages AI/ML for scale, and uses automation and orchestration for speed of response.
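As an added illustration of the risk-based, least-privilege access decisions described in the list above (example code written for this article, not code from the original or from any product it mentions), the following Python sketch models a minimal policy decision point. It checks the subject's entitlement to the requested application first, then scores risk from the attributes the article names (unfamiliar geography, endpoint posture, recent anomalous behavior of the calling process) and returns allow, step-up or deny. The weights, thresholds, identities and sample requests are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed example: a minimal Zero Trust policy decision point (PDP).
# Every request is evaluated against the subject's entitlements (least
# privilege) and a risk score; nothing is trusted because of where it came from.


@dataclass
class AccessRequest:
    subject: str
    application: str        # access is always to an application, never to the network
    geo: str                # country code the request originates from
    device_compliant: bool  # endpoint posture, e.g. disk encryption and EDR present
    device_patched: bool
    app_anomaly: float      # 0.0..1.0, recent outlying behavior of the calling process
    mfa_satisfied: bool     # a fresh second-factor proof accompanies this request


@dataclass
class SubjectProfile:
    known_geos: Set[str]
    entitlements: Dict[str, str] = field(default_factory=dict)  # application -> role


# Risk weights and thresholds (assumed values; tune per organization).
RISK_NEW_GEO = 40
RISK_NONCOMPLIANT_DEVICE = 35
RISK_UNPATCHED_DEVICE = 15
RISK_ANOMALY_WEIGHT = 30
DENY_AT = 70     # risk at or above this is refused outright, MFA or not
STEP_UP_AT = 30  # risk at or above this requires a fresh MFA proof


def score_risk(req: AccessRequest, profile: SubjectProfile) -> int:
    """Combine the signals the article lists into one integer risk score."""
    risk = 0
    if req.geo not in profile.known_geos:
        risk += RISK_NEW_GEO
    if not req.device_compliant:
        risk += RISK_NONCOMPLIANT_DEVICE
    if not req.device_patched:
        risk += RISK_UNPATCHED_DEVICE
    anomaly = max(0.0, min(1.0, req.app_anomaly))
    risk += int(round(anomaly * RISK_ANOMALY_WEIGHT))
    return risk


def decide(req: AccessRequest, profile: SubjectProfile) -> Tuple[str, int, str]:
    """Return (decision, risk, reason); decision is ALLOW, STEP_UP or DENY."""
    risk = score_risk(req, profile)
    role = profile.entitlements.get(req.application)
    if role is None:
        # Least privilege: with no entitlement there is nothing to grant,
        # however low the risk.
        return "DENY", risk, "no entitlement for application"
    if risk >= DENY_AT:
        return "DENY", risk, "risk above deny threshold"
    if risk >= STEP_UP_AT and not req.mfa_satisfied:
        return "STEP_UP", risk, "additional verification required"
    return "ALLOW", risk, f"granted role '{role}' on {req.application}"


def record_outcome(req: AccessRequest, profile: SubjectProfile, decision: str) -> None:
    """A geography becomes 'known' only after the subject proved a second factor from it."""
    if decision == "ALLOW" and req.mfa_satisfied:
        profile.known_geos.add(req.geo)


def demo() -> Tuple[List[Tuple[str, int, str]], SubjectProfile]:
    """Run a constructed sequence of requests for one subject and return the decisions."""
    profile = SubjectProfile(known_geos={"DE"}, entitlements={"payroll": "viewer"})
    requests = [
        AccessRequest("alice", "payroll", "DE", True, True, 0.0, False),  # routine
        AccessRequest("alice", "payroll", "BR", True, True, 0.1, False),  # new geo, no MFA
        AccessRequest("alice", "payroll", "BR", False, True, 0.1, True),  # new geo + bad posture
        AccessRequest("alice", "payroll", "BR", True, True, 0.1, True),   # new geo, MFA proven
        AccessRequest("alice", "hr-admin", "DE", True, True, 0.0, True),  # never entitled
        AccessRequest("alice", "payroll", "BR", True, True, 0.0, False),  # BR now known
    ]
    decisions = []
    for req in requests:
        outcome = decide(req, profile)
        record_outcome(req, profile, outcome[0])
        decisions.append(outcome)
    return decisions, profile


if __name__ == "__main__":
    for decision, risk, reason in demo()[0]:
        print(f"{decision:8} risk={risk:3}  {reason}")
```

The third request is refused even though MFA was satisfied: a non-compliant device from an unseen location pushes the score past the deny threshold, which is the "assume breach" stance in practice. Only after the fourth request succeeds with a second factor does the new geography stop contributing to risk, so the last request from the same place passes without step-up.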
Paving the way forward
As global economies recover from the aftermath of the pandemic, the organizations that build cyber resilience are the ones best placed to survive. Organizations should adopt Zero Trust as the cornerstone of their cyber resilience strategy and work toward enforcing it consistently, because only then can they build better, more relevant and more competitive businesses in the long run.