HOME
NEWS

Ransomware, Phishing, Zero Trust, and the New Normal of Cyber Security


By VARINDIA - 2021-08-05
Ransomware, Phishing, Zero Trust, and the New Normal of Cyber Security

When the COVID-19 pandemic struck, cyber criminals saw their opportunity, and they took it. With corporate offices, government agencies, schools, and universities shifting from in-person to remote work models, and even many healthcare interactions moving online, the rushed nature of the transition led to inevitable cyber security gaps. Consumer broadband and personal devices undermined the corporate security stack; unsafe user practices and overlooked security patches opened ample vulnerabilities throughout the environment. Meanwhile, an anxious and often confused public proved easy prey for phishing attacks. The impact was all too predictable: phishing attacks, DDoS attacks, and ransomware attacks all spiked. Eighty percent of firms saw an increase in incidents in 2020, and the COVID-19 pandemic was blamed for a 238 percent rise in cyber attacks on banks. Phishing has jumped 600 percent since the end of February 2020.

 

Why Ransomware Attacks and Costs are Soaring

 

The pandemic-driven surge in ransomware was immediate and dramatic. Ransomware attacks rose 148 percent in March 2020, with average payments up 33 percent to $111,605 compared with Q4 2019—and reaching $170,000 by Q3 2020. Before long, the U.S. was reeling from a May 2021 ransomware strike that shut down a critical fuel pipeline. While the rise in ransomware strikes likely resulted in part from greater opportunities for hackers, combined with the increased effectiveness of phishing attacks targeting news-obsessed users, a change in tactics may also have played a role. While earlier attacks generally focused on the traditional encryption-payment-decryption ransomware model, hackers are now seeking to increase their returns through data exfiltration, stealing data and offering it for sale on the black market.

 

For ransomware victims such as municipalities, corporations, healthcare systems, and universities, the growth in data exfiltration can compound the already considerable damage of a ransomware attack beyond the ransom itself, potentially including violations of customer privacy, the loss of corporate data, and massive regulatory files. Add to this hidden costs such as system downtime, reduced efficiency, incidence response costs, and brand and reputation damage—bringing total global costs to more than $1 trillion each year.

 

Taking Data Protection Inside the Perimeter with Zero Trust

 

In the era of public cloud, mobility, and work-from-home, the notion of perimeter security has quickly become outdated. It’s not just that the attack surface has changed; organizations have also gained a new understanding of the identity of potential attacker, including trusted insiders who don’t even realize that they’re abetting a crime. It’s common to think of an internal threat actor as a disgruntled employee or spy undermining cyber security with ill intent, but it’s even more common for a well-meaning employee to inadvertently open the door to hackers through poor password hygiene, nonsecure practices, or the ever-popular phishing lure. Think of the employees of several small city governments in Florida, including a member of one city’s police department, who triggered a wave of costly ransomware infections in 2019.

 

While awareness and education can help lessen the risk of successful phishing and ransomware attacks, a single moment of inattention and carelessness can be enough to devastate the business. It’s safer to assume that anyone, even a trusted user with a heart of gold, can pose a security risk, and design your cyber defense strategy accordingly. Hence the rise of Zero Trust—the notion that we shouldn’t trust anything or anyone, inside or outside the network, with access to our computer systems. In practice, this means measures such as:

 

Moving beyond the idea of inside versus outside and redesigning cyber defense in terms of secure micro-parameters, with multiple points of network defense

Implementing the ability to control, inspect, and restrict network traffic traveling in any direction-north-south or east-west-within your organization

Subjecting users to checks and balances, each time they cross into a different area of the network or try to access a new set of resources, to verify their need and privileges

Ensuring timeliness and preventing excess privileges from accumulating by periodically revoking and refreshing access and credentials

Continuously monitoring who’s accessing whatand the level of risk these activities might present

 

Why SSl Inspection is Critical for Zero Trust

 

As organizations move to implement Zero Trust, they quickly run into the issue of visibility in a world of pervasive TLS/SSL encryption. To enable fast threat detection and response times, it’s essential to be able to decrypt, inspect, and re-encrypt network traffic quickly and efficiently at scale without impairing cost or adding complexity. A centralized, dedicated SSL decryption capability makes it possible to provide visibility into network traffic for each element of the cyber security stack without the inefficiencies and performance penalties of device-by-device decryption and re-encryption. Similarly, a centralized approach to management can help organizations ensure consistent and efficient policy enforcement across the security infrastructure.

 

As a strategy rather than a product category, Zero Trust implementation requires more than simply plugging in a new box. Rather, it represents a new way of thinking about cyber security, embodied in evolving approaches to management, automation, auditability, resiliency, and integration. By approaching Zero Trust in this way, organizations can mitigate the security risks endemic in the new normal, and better protect their business from threats of all kinds.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA