Zero trust has become a widely recognized framework in the cybersecurity world. SecOps teams are advocating this “trust no one” strategy to support the fight against the escalating cybercrime risk and monitor threat actors in their networks.
Research from Gigamon found that 70% of IT leaders agree that zero trust would improve their IT strategy.
In short, this approach to security overrides the implicit trust often given to internal traffic within a network. This security-first mentality also benefits business efficiency; 87% of IT teams believe productivity has increased since beginning their zero-trust journey as systems run faster and downtime is reduced through fewer breaches.
However, the threat landscape is evolving. Ransomware is now one of the biggest threats to businesses worldwide, with many falling victim to catastrophic attacks. This type of malware rose by 82% in 2021. It seems unstoppable, especially as 82% of UK companies that have fallen victim to ransomware attacks have reportedly paid the hackers to get their data back.
So, can zero trust architecture (ZTA) help organizations protect themselves from one of the biggest threats in today’s cyber landscape?
What does zero trust mean today?
We must always have a rational reason when we put faith in something. However, this has not always been the case in IT. For years, IT teams have relied on proxies for trust, often because mechanisms for actually measuring trust were not practical. A system might be trusted because the organization owns it, because the user is an employee, or because the network was previously secured.
However, these are not real measures of trustworthiness. They are rough approximations based on assumptions, and when such an assumption fails, risk is introduced. Once a threat actor recognizes that these assumptions underpin an organization’s security strategy, they can bypass network controls and cause serious problems for its security.
Zero trust changes this. It dynamically measures whether something is trustworthy by analyzing how it behaves and assessing whether the organization has a rational basis for trusting it and allowing the connection.
This applies not only to entire systems but also to individual devices, security mechanisms, and users. Given the importance of BYOD policies and remote working, trust should be earned rather than given freely, and all users should be considered threats until proven otherwise.
In a world where the workforce has shifted significantly to a ‘work anywhere, work anytime’ model, it makes sense to embrace a ZTA.
Organizations can prevent a single compromised device from taking down the entire network by introducing micro-segmentation, which separates data, assets, and applications from one another and is a key pillar of ZTA.
A famous example is the Las Vegas casino that was breached through an IoT thermometer in an aquarium in the foyer. From that device, the attacker gained access to the casino’s entire network. So how can companies protect themselves from this level of threat?
With the IoT expanding and adversaries using more innovative tactics and techniques to breach a system, Zero Trust must be part of the security strategy.
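The following added example (not code from the article) contrasts the implicit-trust model with a zero trust decision backed by micro-segmentation, using a constructed segment policy and flows modelled on the aquarium-thermometer scenario; the segment names, addresses and posture flags are assumptions made for illustration:

```python
from dataclasses import dataclass

# Constructed micro-segmentation policy (assumed, not from the article): each
# source segment lists the only (destination segment, port) pairs it may reach.
# Anything not listed is denied by default.
SEGMENT_POLICY = {
    "iot": {("iot-cloud", 443)},                  # thermometer only reaches its vendor cloud
    "workstations": {("app", 443), ("internet", 443)},
    "app": {("data", 5432)},                      # only the app tier may reach the database
    "data": set(),
}

@dataclass
class Request:
    name: str
    src_ip: str
    src_segment: str
    dst_segment: str
    dst_port: int
    identity_verified: bool   # e.g. device certificate or user MFA checked
    device_healthy: bool      # posture check: patched, security agent reporting

def implicit_trust_decision(req: Request) -> bool:
    """Perimeter model: anything from an internal 10.x address is trusted."""
    return req.src_ip.startswith("10.")

def zero_trust_decision(req: Request) -> tuple:
    """Deny by default; allow only a verified, healthy source on an explicitly permitted path."""
    if not req.identity_verified:
        return False, "identity not verified"
    if not req.device_healthy:
        return False, "device posture failed"
    if (req.dst_segment, req.dst_port) not in SEGMENT_POLICY.get(req.src_segment, set()):
        return False, f"no policy for {req.src_segment} -> {req.dst_segment}:{req.dst_port}"
    return True, "allowed by segment policy"

# Constructed flows: the compromised thermometer, from an internal address, tries
# to reach the database; other flows show legitimate and posture-failing cases.
FLOWS = [
    Request("thermometer->db", "10.20.0.7", "iot", "data", 5432, True, True),
    Request("thermometer->cloud", "10.20.0.7", "iot", "iot-cloud", 443, True, True),
    Request("app->db", "10.30.0.5", "app", "data", 5432, True, True),
    Request("unpatched-laptop->app", "10.40.0.9", "workstations", "app", 443, True, False),
]

def evaluate(flows=FLOWS) -> dict:
    """Per-flow verdicts under both models; each denial carries a reason for the audit log."""
    return {f.name: {"perimeter": implicit_trust_decision(f), "zero_trust": zero_trust_decision(f)}
            for f in flows}
```

Calling evaluate() shows the perimeter model waving the thermometer through to the database while the zero trust policy denies it and records why, which is the kind of visibility into blocked lateral movement that the rest of the article argues for.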
Deep visibility
The cornerstone of ZTA is visibility. A clear view of all data in motion, from the cloud to the core, means IT teams can best understand every threat to their network. From here, they can authorize certain activities, detect unwanted application behavior, and analyze the metadata that describes the origin and movement of an attack in detail.
In other words, organizations cannot protect themselves from what they cannot see. The deeper the level of observability in a network, the more insight an IT team can gather and act on to improve its security posture. This is explicitly required by NIST SP 800-207, the gold standard of zero trust.
The nature of ZTA is a deep and thorough inspection of all users and all data, including encrypted traffic. Combined with micro-segmentation, this architecture also prevents cybercriminals from moving laterally within a network, so adversaries looking to traverse an IT infrastructure and deploy ransomware on more critical data cannot do so.
In recent years, cybercriminals have become much smarter and more sophisticated at deploying this type of malware. An attack in the current climate is typically carefully considered and strategically targeted against known vulnerable organizations that store critical data.
It is also common for bad actors to penetrate a network and lie dormant for months. Visibility is central to the fight against ransomware: by eliminating blind spots in the network, malicious parties can no longer persist on a network undetected. With zero trust and deeper observability of all data, attacker dwell time can be drastically reduced from the current average of 285 days.
It is important to remember that zero trust is not a panacea for protection against ransomware. However, in combination with visibility, it is essential to strengthening a company’s security posture. By prioritizing deep visibility, ZTA will be much easier to introduce, and ransomware threats will be much easier to detect.