Ransomware, phishing, Zero Trust and the new normal of cybersecurity


San Francisco-based Babur Nawaz Khan, Technical Marketing Engineer at A10 Networks, discusses the rise of Zero Trust – the notion that we shouldn’t trust anything or anyone, inside or outside the network, with access to our computer systems.

When the COVID-19 pandemic struck, cybercriminals saw their opportunity and took it.

With corporate offices, government agencies, schools and universities shifting from in-person to remote work models, and even many healthcare interactions moving online, the rushed nature of the transition led to inevitable cybersecurity gaps.


Consumer broadband and personal devices undermined the corporate security stack; unsafe user practices and overlooked security patches opened ample vulnerabilities throughout the environment.

Meanwhile, an anxious and often confused public proved easy prey for phishing. The impact was all too predictable: phishing, DDoS and ransomware attacks all spiked. Eighty percent of firms saw an increase in incidents in 2020, and the COVID-19 pandemic was blamed for a 238% rise in cyberattacks on banks. Phishing has jumped 600% since the end of February 2020.

Why ransomware attacks and costs are soaring

The pandemic-driven surge in ransomware was immediate and dramatic. Ransomware attacks rose 148% in March 2020; the average ransom payment was up 33% over Q4 2019, to US$111,605, and had reached US$170,000 by Q3 2020.

While the rise in ransomware strikes likely resulted in part from greater opportunities for hackers, combined with the increased effectiveness of phishing attacks targeting news-obsessed users, a change in tactics may also have played a role. While earlier attacks generally focused on the traditional encryption-payment-decryption ransomware model, hackers are now seeking to increase their returns through data exfiltration, stealing data and offering it for sale on the black market.

For ransomware victims such as government agencies, corporations, healthcare systems and universities, the growth in data exfiltration compounds the already considerable damage of a ransomware attack beyond the ransom itself, potentially including violations of customer privacy, the loss of corporate data and massive regulatory fines. Add to this hidden costs such as system downtime, reduced efficiency, incident response costs, and brand and reputation damage, bringing total global costs to more than US$1 trillion each year.

Taking data protection inside the perimeter with Zero Trust

In the era of public cloud, mobility and work-from-home, the notion of perimeter security has quickly become outdated. It’s not just that the attack surface has changed; organizations have also gained a new understanding of the identity of the potential attacker, including trusted insiders who don’t even realize that they’re abetting a crime.

It’s common to think of an internal threat actor as a disgruntled employee or spy undermining cybersecurity with ill intent, but it’s even more common for a well-meaning employee to inadvertently open the door to hackers through poor password hygiene, nonsecure practices or the ever-popular phishing lure.

While awareness and education can help lessen the risk of successful phishing and ransomware attacks, a single moment of inattention and carelessness can be enough to devastate the business.

It’s safer to assume that anyone, even a trusted user with a heart of gold, can pose a security risk and design your cyberdefense strategy accordingly. Hence the rise of Zero Trust – the notion that we shouldn’t trust anything or anyone, inside or outside the network, with access to our computer systems.

In practice, this means measures such as:
• Moving beyond the idea of inside versus outside and redesigning cyberdefense in terms of secure micro-perimeters, with multiple points of network defense
• Implementing the ability to control, inspect and restrict network traffic traveling in any direction, north-south or east-west, within your organization
• Subjecting users to checks and balances, each time they cross into a different area of the network or try to access a new set of resources, to verify their need and privileges
• Ensuring timeliness and preventing excess privileges from accumulating by periodically revoking and refreshing access and credentials
• Continuously monitoring who’s accessing what and the level of risk these activities might present
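The measures above come together in a single per-request access decision. The following is an added illustration, not code from A10 Networks or any product: every request is checked against an east-west segment policy, a device posture result, credential age and a per-resource scope, the decision is written to an audit trail for continuous review, and credential refresh re-issues scopes only from current entitlements so that privileges cannot accumulate. All segment names, subjects, entitlements and thresholds are constructed for the example.

```python
"""Per-request Zero Trust access decision (added illustration, not A10's product logic).

Nothing is granted because a request originates 'inside'. Each request is
checked against east-west segment policy, device posture, credential age and
per-resource scope, and every decision is written to an audit trail so access
patterns can be reviewed continuously. All names and policies are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# East-west policy: which source segments may reach which targets (constructed).
SEGMENT_POLICY: Dict[str, FrozenSet[str]] = {
    "web-tier": frozenset({"app-tier"}),
    "app-tier": frozenset({"db-tier"}),
    "admin-vpn": frozenset({"app-tier", "db-tier"}),
}

# Current entitlements: the only source of truth when a credential is refreshed (constructed).
ENTITLEMENTS: Dict[str, FrozenSet[str]] = {
    "alice": frozenset({"db-tier/orders"}),
}

MAX_CREDENTIAL_AGE = 15 * 60   # seconds; short lifetimes force periodic re-verification
DENY_ALERT_THRESHOLD = 3       # repeated denials for one subject are flagged for review


@dataclass(frozen=True)
class Credential:
    subject: str
    issued_at: int             # unix seconds
    scopes: FrozenSet[str]     # resources explicitly granted at issue time
    mfa_verified: bool


@dataclass(frozen=True)
class Request:
    cred: Credential
    source_segment: str
    target_segment: str
    resource: str
    device_compliant: bool     # result of an endpoint posture check
    now: int


AUDIT_LOG: List[dict] = []


def evaluate(req: Request) -> Tuple[str, str]:
    """Evaluate one request; returns ("allow"|"deny", reason) and logs the decision."""
    checks = [
        (req.target_segment in SEGMENT_POLICY.get(req.source_segment, frozenset()),
         f"segment policy: {req.source_segment} may not reach {req.target_segment}"),
        (req.device_compliant, "device failed posture check"),
        (req.cred.mfa_verified, "credential was not MFA-verified"),
        (req.now - req.cred.issued_at <= MAX_CREDENTIAL_AGE, "credential expired; re-authenticate"),
        (req.resource in req.cred.scopes, f"credential carries no scope for {req.resource}"),
    ]
    decision, reason = "allow", "all checks passed"
    for ok, why in checks:
        if not ok:
            decision, reason = "deny", why
            break
    AUDIT_LOG.append({"t": req.now, "subject": req.cred.subject, "resource": req.resource,
                      "from": req.source_segment, "decision": decision, "reason": reason})
    return decision, reason


def refresh(cred: Credential, now: int, mfa_ok: bool) -> Optional[Credential]:
    """Re-issue a short-lived credential from *current* entitlements only.

    Scopes the subject is no longer entitled to are dropped, so privilege cannot accumulate.
    """
    if not mfa_ok:
        return None
    return Credential(cred.subject, now, ENTITLEMENTS.get(cred.subject, frozenset()), True)


def flagged_subjects() -> List[str]:
    """Subjects with enough denials in the audit trail to warrant a look (continuous monitoring)."""
    counts: Dict[str, int] = {}
    for entry in AUDIT_LOG:
        if entry["decision"] == "deny":
            counts[entry["subject"]] = counts.get(entry["subject"], 0) + 1
    return sorted(s for s, n in counts.items() if n >= DENY_ALERT_THRESHOLD)


if __name__ == "__main__":
    t0 = 1_700_000_000
    alice = Credential("alice", t0, frozenset({"db-tier/orders", "db-tier/payroll"}), True)
    print(evaluate(Request(alice, "app-tier", "db-tier", "db-tier/orders", True, t0 + 60)))
    print(evaluate(Request(alice, "web-tier", "db-tier", "db-tier/orders", True, t0 + 60)))
    print(evaluate(Request(alice, "app-tier", "db-tier", "db-tier/orders", True, t0 + 3600)))
    fresh = refresh(alice, t0 + 3600, mfa_ok=True)
    print(sorted(fresh.scopes))   # the stale payroll scope is gone after refresh
```

The point of the ordering in `evaluate` is that a request from a permitted segment with a compliant device still fails if the credential is older than the configured lifetime or lacks a scope for the exact resource; being on the right network segment is necessary but never sufficient. The refresh path deliberately ignores the scopes on the old credential and rebuilds them from `ENTITLEMENTS`, which is what keeps revoked access from lingering on a token that is still within its lifetime.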

Why SSL inspection is critical for Zero Trust

As organizations move to implement Zero Trust, they quickly run into the issue of visibility in a world of pervasive TLS/SSL encryption. To enable fast threat detection and response, it is essential to be able to decrypt, inspect and re-encrypt network traffic quickly and efficiently at scale, without driving up cost or adding complexity.

A centralized, dedicated SSL decryption capability makes it possible to provide visibility into network traffic for each element of the cybersecurity stack without the inefficiencies and performance penalties of device-by-device decryption and re-encryption. Similarly, a centralized approach to management can help organizations ensure consistent and efficient policy enforcement across the security infrastructure.
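The first thing a centralized decryption point does for each new flow is decide whether to decrypt it at all, and the only field it can see before the handshake completes is the server name indication (SNI) in the ClientHello. The following is an added example, not code from A10 Networks or any product: it builds a minimal ClientHello carrying an SNI extension, parses the SNI back out with bounds checking, and applies a constructed bypass list of the kind used to keep categories such as banking or health traffic out of inspection. The suffix list, the default of decrypting flows that carry no SNI, and the builder's fixed cipher suite and zeroed random are all assumptions made for the example.

```python
"""Decrypt-or-bypass decision on a TLS ClientHello (added example, not A10's code).

A centralized decryption point sees the ClientHello in the clear before any
key exchange, so the server name (SNI) is the one field it can use to decide,
per flow, whether to decrypt and inspect or to pass the session through
untouched. The bypass list below is constructed for illustration.
"""
from typing import Optional, Tuple

# Names that policy says must not be decrypted (constructed example list).
BYPASS_SUFFIXES = ("bank.example", "health.example")


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal ClientHello record carrying an SNI extension (constructed test input)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + len(name).to_bytes(2, "big") + name        # name_type=host_name(0)
    sni_ext = len(sni_entry).to_bytes(2, "big") + sni_entry          # ServerNameList
    ext = b"\x00\x00" + len(sni_ext).to_bytes(2, "big") + sni_ext    # extension_type=server_name(0)
    body = (
        b"\x03\x03"                      # client_version
        + bytes(32)                      # random (zeros: constructed, not a real client)
        + b"\x00"                        # session_id length 0
        + b"\x00\x02\x13\x01"            # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                    # one compression method: null
        + len(ext).to_bytes(2, "big") + ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake  # ContentType handshake(22)


def _u(buf: bytes, off: int, n: int) -> int:
    """Read an n-byte big-endian integer, refusing to read past the buffer."""
    if off + n > len(buf):
        raise ValueError("truncated")
    return int.from_bytes(buf[off:off + n], "big")


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello's SNI extension, or None if absent/malformed."""
    try:
        if _u(record, 0, 1) != 0x16:          # not a Handshake record
            return None
        hs = record[5:5 + _u(record, 3, 2)]
        if _u(hs, 0, 1) != 0x01:              # not a ClientHello
            return None
        body = hs[4:4 + _u(hs, 1, 3)]
        pos = 2 + 32                          # skip client_version and random
        pos += 1 + _u(body, pos, 1)           # session_id
        pos += 2 + _u(body, pos, 2)           # cipher_suites
        pos += 1 + _u(body, pos, 1)           # compression_methods
        if pos >= len(body):
            return None                       # no extensions block at all
        end = pos + 2 + _u(body, pos, 2)
        pos += 2
        while pos + 4 <= end:
            etype, elen = _u(body, pos, 2), _u(body, pos + 2, 2)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype != 0:                    # only server_name interests us
                continue
            q, list_end = 2, 2 + _u(data, 0, 2)
            while q + 3 <= list_end:
                ntype, nlen = _u(data, q, 1), _u(data, q + 1, 2)
                if q + 3 + nlen > len(data):
                    raise ValueError("truncated")
                if ntype == 0:
                    return data[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
        return None
    except (ValueError, UnicodeDecodeError):
        return None


def decrypt_decision(record: bytes) -> Tuple[str, Optional[str]]:
    """Return ("decrypt" | "bypass", sni).

    Assumed default: flows with no usable SNI are decrypted, because there is
    nothing to match a bypass rule against.
    """
    sni = extract_sni(record)
    if sni is not None and any(sni == s or sni.endswith("." + s) for s in BYPASS_SUFFIXES):
        return "bypass", sni
    return "decrypt", sni


if __name__ == "__main__":
    for host in ("mail.corp.example", "www.bank.example", "portal.health.example"):
        print(host, "->", decrypt_decision(build_client_hello(host)))
```

Two caveats a practitioner would keep in mind: the SNI is client-supplied, so a bypass rule matched on it is only as trustworthy as the policy that also checks the certificate the server actually presents, and a client using Encrypted Client Hello does not expose the name at all, which is why the example treats a missing SNI as a flow to decrypt rather than one to wave through.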

As a strategy rather than a product category, Zero Trust implementation requires more than simply plugging in a new box. Rather, it represents a new way of thinking about cybersecurity, embodied in evolving approaches to management, automation, auditability, resiliency and integration. By approaching Zero Trust in this way, organizations can mitigate the security risks endemic in the new normal, and better protect their business from threats of all kinds.

Intelligent CIO North America