Ransomware, Phishing, Zero Trust, and the New Normal of Cyber Security by Sanjai Gangadharan, Area Vice President, South ASEAN, A10 Networks
When the COVID-19 pandemic struck, cyber criminals saw their opportunity, and they took it. With corporate offices, government agencies, schools, and universities shifting from in-person to remote work models, and even many healthcare interactions moving online, the rushed nature of the transition led to inevitable cyber security gaps. Consumer broadband and personal devices undermined the corporate security stack; unsafe user practices and overlooked security patches opened ample vulnerabilities throughout the environment. Meanwhile, an anxious and often confused public proved easy prey for phishing attacks. The impact was all too predictable: phishing attacks, DDoS attacks, and ransomware attacks all spiked. Eighty percent of firms saw an increase in incidents in 2020, and the COVID-19 pandemic was blamed for a 238 percent rise in cyber attacks on banks. Phishing has jumped 600 percent since the end of February 2020.
Why Ransomware Attacks and Costs are Soaring
The pandemic-driven surge in ransomware was immediate and dramatic. Ransomware attacks rose 148 percent in March 2020, with average payments up 33 percent to $111,605 compared with Q4 2019—and reaching $170,000 by Q3 2020. Before long, the U.S. was reeling from a May 2021 ransomware strike that shut down a critical fuel pipeline. While the rise in ransomware strikes likely resulted in part from greater opportunities for hackers, combined with the increased effectiveness of phishing attacks targeting news-obsessed users, a change in tactics may also have played a role. While earlier attacks generally focused on the traditional encryption-payment-decryption ransomware model, hackers are now seeking to increase their returns through data exfiltration, stealing data and offering it for sale on the black market.
For ransomware victims such as municipalities, corporations, healthcare systems, and universities, the growth in data exfiltration can compound the already considerable damage of a ransomware attack beyond the ransom itself, potentially including violations of customer privacy, the loss of corporate data, and massive regulatory files. Add to this hidden costs such as system downtime, reduced efficiency, incidence response costs, and brand and reputation damage—bringing total global costs to more than $1 trillion each year.
Taking Data Protection Inside the Perimeter with Zero Trust
In the era of public cloud, mobility, and work-from-home, the notion of perimeter security has quickly become outdated. It’s not just that the attack surface has changed; organizations have also gained a new understanding of the identity of potential attacker, including trusted insiders who don’t even realize that they’re abetting a crime. It’s common to think of an internal threat actor as a disgruntled employee or spy undermining cyber security with ill intent, but it’s even more common for a well-meaning employee to inadvertently open the door to hackers through poor password hygiene, nonsecure practices, or the ever-popular phishing lure. Think of the employees of several small city governments in Florida, including a member of one city’s police department, who triggered a wave of costly ransomware infections in 2019.
While awareness and education can help lessen the risk of successful phishing and ransomware attacks, a single moment of inattention and carelessness can be enough to devastate the business. It’s safer to assume that anyone, even a trusted user with a heart of gold, can pose a security risk, and design your cyber defense strategy accordingly. Hence the rise of Zero Trust—the notion that we shouldn’t trust anything or anyone, inside or outside the network, with access to our computer systems. In practice, this means measures such as:
• Moving beyond the idea of inside versus outside and redesigning cyber defense in terms of secure micro-parameters, with multiple points of network defense
• Implementing the ability to control, inspect, and restrict network traffic traveling in any direction—north-south or east-west—within your organization
• Subjecting users to checks and balances, each time they cross into a different area of the network or try to access a new set of resources, to verify their need and privileges
• Ensuring timeliness and preventing excess privileges from accumulating by periodically revoking and refreshing access and credentials
• Continuously monitoring who’s accessing whatand the level of risk these activities might present
Why SSl Inspection is Critical for Zero Trust
As organizations move to implement Zero Trust, they quickly run into the issue of visibility in a world of pervasive TLS/SSL encryption. To enable fast threat detection and response times, it’s essential to be able to decrypt, inspect, and re-encrypt network traffic quickly and efficiently at scale without impairing cost or adding complexity. A centralized, dedicated SSL decryption capability makes it possible to provide visibility into network traffic for each element of the cyber security stack without the inefficiencies and performance penalties of device-by-device decryption and re-encryption. Similarly, a centralized approach to management can help organizations ensure consistent and efficient policy enforcement across the security infrastructure.
As a strategy rather than a product category, Zero Trust implementation requires more than simply plugging in a new box. Rather, it represents a new way of thinking about cyber security, embodied in evolving approaches to management, automation, auditability, resiliency, and integration. By approaching Zero Trust in this way, organizations can mitigate the security risks endemic in the new normal, and better protect their business from threats of all kinds.