DATA ANALYTICS - AKAMAI

Protecting your business from the threat of ransomware By Richard Meeus, Akamai’s EMEA Director of Security Technology and Strategy.

  • Wednesday, 30th March 2022 Posted 2 years ago in by Phil Alsop

In the pre-digital age, keeping valuables secure was as simple as hiding or locking them away to prevent thieves from accessing them. Today, some of our most precious assets belong on digital platforms and that means re-writing the rule book on protecting them. As evidenced by figures from GCHQ, the number of ransomware attacks increased twofold during the past 12 months. This is further supported by Akamai’s own data. We observed a continued increase in ransomware attacks throughout 2021. Staggeringly, some predictions put the total worldwide expense of ransomware at almost $270 billion by the year 2031.

As eye-watering as these numbers might seem, the true impact of ransomware is felt by businesses and communities. Notably, the Irish Health Service and the London Borough of Hackney have been victimised in the last 18 months. Analysis from Gartner eschews the possibility of increasingly refined cyber-attacks having the potential to actually harm human beings in the years to come.

The lesson here is that no organisation is immune to the threat of ransomware. Regardless of how important data may seem, the risk of derailing operations, via an attack, often makes paying the ransom appear to be the favoured option. Now is undoubtedly the time to boost your businesses’ defences.

How did ransomware become such a prolific issue?

The proliferation of hybrid or home working patterns has posed its own security risks which a large part of the workforce is unwittingly contributing to each day. Home workers are making multiple points of access to the network, across a range of devices that may lack the standard security certificates or similar validation of the device, and this is. Both workers and businesses are now much more exposed to vulnerability than they were when fully office-based.

Our shifting usage of technology has coincided with some other notable macrotrends. A great example of this is the rise of cryptocurrency, offering the perfect framework for cybercriminals to receive payments that make tracking far more difficult than traditional FIAT currencies. Overall, hackers and other cybercriminals have become far more proficient, coordinated and reactive, allowing them to work in defined gangs to develop exploits and malware for the latest vulnerabilities.

The norm for companies when building a security strategy is to work on the basis of ‘trust the user but ensure they are verified’. The evidence of the last 12 months shows that the ‘trust and verify’ model is not sufficient to combat the swell of ransomware, and more needs to be done.

‘Zero Trust’: The model we need

Trust is so central to this issue. When a user is successfully verified, the network and its data is open to them. As businesses face near-constant attacks, such easily gained network trust does not provide adequate protection.

When it comes to Zero Trust, it's exactly what it says on the tin: nobody using the network is trusted. Instead, the user is afforded only the specific access level they need for that task and the network itself is segmented to limit navigation for potential attackers surfing for exploitable data.

Zero Trust is merely a framework, constituting an array of tools and solutions. Among them are Secure Web Gateways, Web Application Firewalls and Zero Trust Network Access. Implementing technologies such as these is pivotal to restricting network penetration by attackers and forming a shell of protection for your business critical data.

As a textbook example, suppose a work mobile device is accidentally left in a public place. That lost device could be an avenue to an organisation’s servers for any malicious actors. With a robust Zero Trust framework in place, only the IP and local files of the mobile device would be accessible: an attacker would not have the privileges to browse the full network.

Closing the blast doors: the importance of segmentation

Of course, on rare occasions the most sophisticated cyber-attacks are able to bypass the Zero Trust mechanisms and still gain a foothold within your network. This is when the value of micro-segmentation shines through. We at Akamai are big believers in the power of micro-segmentation to protect customers and, through our acquisition of specialist providers Guardicore, we have added this to our solutions portfolio.

One can apply this rationale to the world of physical security. If your house was a network, you could deploy surveillance, gating and alarm systems to keep unwanted personnel out. But, if an intruder did evade all of these, now the entire house is theirs to explore. What if each room and the valuables within had its own locked door? That is the principle of micro segmentation. It gives security teams a precise overview of the infrastructure and equally precise powers to wall off a breach rapidly. This is crucial in ransomware attacks, when time is of the essence.

To adopt Zero Trust, there’s no getting around the fact that investment will be required to retool with the requisite technology. What the past year of attacks has shown is that doing nothing about ransomware can prove far more costly. Hybrid working and organised cybercriminal factions are all factors of risk that are unlikely to change. Businesses that can react and prepare today may well be saving themself a hefty bill in future.