Why ransomware is no match for a Zero Trust architecture

As the fastest-growing cybercrime, ransomware is expected to attack every 2 seconds and cost $265 billion in damages annually by 2031. At this rate, it’s just a matter of when you will be the next victim. How do you stop fast-moving ransomware in its tracks—or at least slow it down so that the damage is minimal?

In the past, the biggest hurdle that hackers faced was getting past your security perimeter to access your data. But with a booming illegal market full of stolen credentials for purchase, the job is getting easier for cybercriminals. In fact, attackers are now more likely to use stolen credentials than malware, with more than 60% of data breaches involving the use of stolen credentials to slide past security barriers. An example is the famous Colonial Pipeline attack, which crippled fuel supplies in the eastern United States. Security analysts suspect that the group responsible for the attack purchased stolen credentials on the dark web.

After attackers gain access to a company’s network, they usually spend time poking around to find just the right data to take hostage. The more critical the data, the more ransom it will bring. Attackers then (typically) encrypt the high-value data and exfiltrate it (and possibly even publish it on a public website). They then use this stolen data to negotiate ransom payment.

So, how can you put up your guard against these cybercriminals? A Zero Trust architecture can address every phase of a ransomware attack and stop attackers in their tracks. Here’s how.

Traditional security solutions require a user name and password for you to access internal networks. After you’re inside, it trusts that you are who you say you are by default, and you’re free to roam. A Zero Trust architecture assumes nothing and requires verification every time that system or information access is requested—even if you’re already past the security perimeter and behind the company firewall. If user access appears to be suspicious, the user is immediately blocked and IT security teams are notified so that they can further investigate.

If an attacker does make it through the firewall, Zero Trust architectures offer another layer of protection by segmenting data and by applying “least privilege” rules for access. Typically, after a user gets past the firewall, they have full access to the entire network. This freedom gives attackers full access to all your data—they just have to look around to find the most critical files.

With Zero Trust, data is segmented into smaller buckets, and users are given access to the least amount of data that they need to do their job. This approach severely limits the amount of damage that an intruder can do because the pool of data that they can see and access is much smaller. And because you know exactly what data was compromised, it’s also easier to recover if a ransomware attack is successful.

A Zero Trust architecture offers centralized monitoring and management. Continuous monitoring with a single-pane view of your data environment makes it easier to identify anomalies in user behavior so that you can act instantly to prevent data loss. For example, the monitoring software sends an alert to notify you that a particular user is attempting to access data that’s not related to their job function. Or that a user is attempting to delete a large number of files. With the right technology in place, the Zero Trust architecture automatically blocks the user in question as soon as the unusual behavior is detected. It also makes a copy of the data at that point in time so that you have a current backup to restore if the attacker’s attempts are successful.

With the speed and ferocity at which ransomware is growing, a Zero Trust architecture is a necessity in the fight against cybercrime. If you’re ready to start building your own Zero Trust architecture, check out NetApp^® cyber-resilience and ransomware protection solutions. You will see how a data-centric approach to security can help you protect, detect, and recover if ransomware strikes your business.