Reports of ransomware attacks mean something failed. An attacker gets into the network, evading traditional technologies and controls, and a lack of containment or segmentation allows damage to spread quickly and at scale.
The impact depends on the motivations of your adversary. You might be ransomed for the return of your systems or extorted with threats of slow-drip data releases in a painful public campaign.
Modern enterprises must revisit the core concept of trust as they evolve beyond predictable network behaviours where anomalies are easier to identify.
David Shephard, Illumio’s Regional Vice President of Sales for Asia Pacific and Japan, joins us to talk Zero Trust, cyber breaches and why fortune will favour the bold.
Protecting castles vs cities
Many organisations are still relying on an old perimeter-centric approach to security architecture: endpoint protection from viruses and malware and a firewall to protect the inside from the outside.
The old model didn’t continually validate and verify access — we drew a line with the firewall, implicitly trusting anything on the inside and nothing on the outside. This model worked when we protected castles with high walls, guards and a moat, but we don’t live in castles, and the modern enterprise is more like a complex, diverse and busy city.
Older technology looks for normal patterns to identify anomalies, but normal is hard to define with modern ways of working, where we are routinely beyond the firewall, working unusual hours and accessing systems on managed and unmanaged devices.
The Zero Trust mindset
Your adversaries are motivated and funded — it’s their job to find and exploit your weakness — and your greatest vulnerability could be the outdated concept of trust.
Zero Trust starts with a mindset shift. Security practitioners, risk managers and leaders need to acknowledge the inevitability of a breach before they can embrace new ideas about how to prevent or contain a breach. If we can accept a breach as inevitable, we should be open to embracing new concepts and ideas to make it harder for our adversaries and reduce the impact and consequence of a breach.
Accepting breaches is not giving up
Accepting that breaches will occur doesn’t mean simply waiting with robust, post-breach action plans. Instead, how about we review prevention strategies and then look to our containment plans? Breaches need to move to be effective. Segmentation does not mean Zero Trust, but achieving Zero Trust without segmentation is impossible.
Segmentation within a Zero Trust framework slows the adversary, makes things harder and more expensive for them, and ultimately reduces their effectiveness. Let’s tip the scales back in favour of the defenders. If they’ve succeeded in locking you out of 50 systems instead of 5000 systems — and you know they’re not lurking in your backup systems — you might choose to nuke those 50 machines and build them back up from your last known good backup. Hardly a catastrophic cyber event.
Let’s stop with the victim-blaming
Our industry loves to examine the victims. They’re crippled, their business is at risk and we scrutinise the response that is carried out under massive stress — did they act fast enough? Use the right words? Show enough empathy? Businesses that have been breached can expect to be judged in the court of public opinion over breach handling, with all their shortcomings laid bare for all to see. Asset inventory, patching level, tooling, third-party risk assessments, cyber insurance… we comb through it all.
As long as we keep treating ransomware victims with derision rather than as victims of a serious crime, we are losing the opportunity to collaborate and learn from post-breach action plans.
Open up to collaboration
Conventional wisdom appears to support Zero Trust strategies — most companies say they are doing it, or plan to do it. So why are we all holding our cards so close to our chest when we could collaborate and innovate together?
We need the industry to share about their journeys to Zero Trust — why they started, where they started and how it’s going — peer stories are likely to be more effective than any vendor advice.
It’s critical that we are open-minded and look towards start-ups for innovation. Key to positive disruption in Zero Trust is supporting the start-up community and newer innovators in cyber, because many of the more established cyber vendors simply can’t engineer as fast or innovate as quickly. They have competing corporate priorities and multiple code bases, and why would they be in a hurry to disrupt their own cash cow?
Planning your Zero Trust journey
We need to cast a critical eye over industry adoption. Moving from where you are to where you’d rather be takes time and careful planning; clearly we can’t just flip a switch and transition from our existing tech stack to our new tech stack. So where do we start the journey, and which investments offer us the best bang for our buck?
Is there something you could be doing that is better, faster and cheaper? And if there was, why wouldn’t you want to hear about it? This is how we feel about Zero Trust segmentation when compared to old architectures and technologies that weren’t designed for the modern enterprise.
Think Cities, not Castles.
Partnering with Illumio and Outcomex
Illumio, the pioneer and market leader of Zero Trust segmentation, prevents breaches from becoming cyber disasters.
Ask Outcomex about Illumio and how we can support you with ransomware mitigation and segmentation solutions that see risk, isolate attacks, and secure data across apps, clouds, data centres, and endpoints.
Download the whitepaper
Interested in learning more? Contact us or complete the form below to download the “How to prevent ransomware from becoming a cyber disaster” white paper.