Changing mindset into Cybersecurity Hygiene after Ransomware

It is absolutely true that, Ransomware is on the rise. In both the physical and digital worlds, the primary way criminals get in is through an unlocked door. Organizations that do not apply or maintain basic security hygiene like patching, applying updates, or turning on multifactor authentication will face much greater exposure to attacks, including ransomware or Distributed Denial of Service (DDoS). The most secure company is the one that recently was breached.” The reasoning was that companies that recently experienced a material breach would naturally make the investments necessary to strengthen their security program to minimize the likelihood of such an event occurring again.

On the surface, this seems that it would be true, particularly for companies experiencing a system-encrypting ransomware event. However, companies don’t show improvement in the cybersecurity hygiene of their internet presence one year after a system-encrypting ransomware event. At best, they take one step forward and one step back, showing improvement in software patching and degradation in restricting access to unsafe network services. Cybercriminals are using malware that is posed as legitimate software updates causing an increase in insider risk.

Basic security hygiene still protects against 98% of attacks. The increasing prevalence of cloud-based services, mobile computing, Internet of Things (IoT), and “bring your own device” (BYOD) in hybrid work environments has changed the technology landscape for today’s enterprise. Security architectures that rely on network firewalls and virtual private networks (VPNs) to isolate and restrict access to corporate technology resources and services are no longer sufficient for a workforce that regularly requires access to applications and resources that exist beyond traditional corporate network boundaries.

The shift to the internet as the network of choice and the continuously evolving threats led Microsoft to adopt a Zero Trust security model. There is a 130% year-over-year increase in ransomware attacks against organizations. Hence, Zero Trust has become a priority of enterprise security leaders around the world. We are facing a moment of reckoning as the world witnesses a rise in increasingly sophisticated and expansive cybersecurity attacks.

This reality—coupled with work entering its next great disruption, the move to hybrid environments—has ushered in an urgent opportunity for all companies around the world to adopt a Zero Trust approach and assume all activity, even by trusted users, could be an attempted breach. Signals across the industry highlight that every company needs to create a culture of security and modernize their approach to ensure they are protected.

S Mohini Ratna, Editor, VARINDIA