Ransomware attacks take place when malware infects a target computer which allows that attacker to encrypt valuable data and then send the victim a notification where they demand a ransom payment to release access to the data. There are over 4,000 of these attacks that take place everyday globally.
But TechRepublic has published an article with tips on how to combat these attacks and how to act properly when targeted. In the article, the publication spoke with Duncan Greatwood, the CEO of Xage, a zero-trust security company. Greatwood highlighted numerous examples of just how dangerous ransomware attacks can be not only to an individual, but to the public.
Related: Windows 11 Requirements Aim to Boost Security
While most attacks on businesses can mainly stall business operations, attacks on utility or energy grids can lead to various disasters like blackouts, oil spills, fires, or the release of toxic chemicals, says Greatwood in the TechRepublic article.
“The higher the expectation for service reliability, quality and trust, the more likely the business will be a target of the attack,” says Greatwood in the article. “For these companies the impact due to loss of revenue and reputation is much greater than the payout. They also have the working capital to pay the ransom. Utilities, oil and gas operators, pipelines, chemical manufacturing, and the food and beverage industry are prime targets.”
And ransomware software packages are being sold on the dark web enabling more individuals with little tech skills to carry out attacks.
But a zero-trust model can be an extremely effective way to combat these attacks.
“One of the most effective ways to prevent ransomware attacks is through the adoption of zero-trust architecture, the modern alternative to perimeter-based security. Built on the principle ‘never trust, always verify,” says Greatwood in the article.
“Unlike traditional techniques, under which an attacker can exploit cyber weaknesses upon gaining access inside a network segment perimeter, zero trust treats the identity of each machine, application, user and data stream as its own independent ‘perimeter,’ allowing granular access policy enforcement. As such, rigorous security enforcement continues even in the event that hackers get into an operational or corporate network—and ransomware gets blocked from traversing between IT and OT systems,” he continues.
He points out that the Colonial Pipeline attack along with various others could have been prevented had they had a zero-trust model put in place, and that industries like energy, oil, and gas have been slow to update their cybersecurity, making them bigger targets.
Having a zero-trust cybersecurity has many benefits like not relying on static accounts or firewall rules, and having each identity form its own perimeter protection. All access permissions are controlled based on identity, role and policy, plus the security controls user-to-machine, machine-to-machine, app-to-machine, and app-to-data interactions along with securing file and data transfer within and across IT, OT and Cloud. They also allow vertical and horizontal access management.
There are various other benefits that Greatwood highlights in the article and strongly suggests organizations begin to adopt them.
