Cyber-Mayhem 2021: Zero-trust and The Way Forward

Jul 20, 2021 at 03:21 pm by pj


Healthcare is the industry most susceptible to ransomware

By JAMES GENTRY

As we reach the halfway point of 2021 and look back over the last 18 months, I think we may all be sick of scary news 24 x 7.  Don’t you just want to pull the covers over your head? 

It might not surprise you to know that I and my peers often feel the same way, and so it’s with no small degree of antipathy that I write, again, about cyber-threats, but this time with a light at the end of the tunnel.

Let’s start with where we are today.  If you haven’t actually been under the covers, you’ve heard about several large cyber attacks in the last few months:


  • Colonial Pipeline was compromised, and fuel distribution was disrupted for the southeastern United States. They paid a $4.4M ransom; it took several days to get back up and running, causing long fuel lines and short-term fuel outages.
  • Meat producer JBS was compromised and shut down all of its U.S. production facilities. It was resolved quickly, suggesting that JBS paid a ransom (though JBS has not commented one way or another).
  • A water treatment plant in Oldsmar, Fla., was accessed by hackers, who increased the level of certain chemicals in the drinking water to dangerous levels.


It’s tempting to look at these examples and breathe a sigh of relief.  None are medical entities, and they are large and have deep pockets.  You may assume that only big guys are threatened.  You would be wrong:

According to Homeland Security Secretary Alejandro Mayorkas:


  • Small businesses comprise one-half to three-quarters of the victims of ransomware.
  • Ransomware attacks are up almost 300 percent in the last year.


According to Datto, a backup provider that compiles a report each year:

  • The average ransom demand in 2020 was $5,600.
  • The average cost of downtime in 2020, however, was $274,200!
  • The industry most susceptible to ransomware is healthcare (59 percent of attacks in 2020).


It is also reported that 60 percent of small businesses fold within six months of a cyber-attack.  Also:


  • Your number one cyber risk today is your employees.
  • The number one way that ransomware is deployed is from an employee clicking on a link in an email.
  • These links cause files to run silently in the background, deploying malware that can travel to other machines on the same network, causing a reinfection at a later date.


Now that we’ve discussed cyber-reality, we can discuss some newer ways to mitigate the risk to your business.

You are likely already familiar with two-factor authentication, whereby you are required to enter a numeric code from a phone app after you have entered your regular credentials.  This is a big help for online accounts (and it can also be deployed for your PCs), but it is not foolproof.

The most interesting and effective new tool for mitigating malware risk is called “Zero-trust.”  One Zero-trust vendor calls it “The Way Forward,” and I must agree.  So, what is Zero-trust?

It’s exactly what the name suggests.  No file or process is trusted on your network unless it’s specifically given permission. If it’s not trusted, it cannot run.  A software agent is installed on all servers and PCs, and any file or process that tries to run is prevented from doing so unless/until it has been approved.

How does this differ from traditional anti-malware?  Traditional anti-malware must recognize that a file or process is malicious.  If a new malware variant finds its way to your network, it’s possible (even likely) that anti-malware will not recognize it, and it will be able to run. 

Zero-trust will not allow ANYTHING to run until it has been investigated and given explicit permission to do so.  This is a game changer. 

The challenge with zero-trust is how to keep it from blocking things that you need.  Modern versions of zero-trust have a learning mode that detects normal files and processes so they are automatically allowed.  Once learning mode is turned off, the network is “locked down” and any unrecognized file is blocked from that point forward.  There are mechanisms in place to easily request that a file be investigated so that it can be allowed if it is determined to be safe.
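To make the contrast between the two approaches concrete, here is a small Python model, added as an illustration (it is not code from any zero-trust product or from the author), of a default-deny policy with a learning mode, a lock-down switch and a review queue, placed beside a simplified signature scanner. The file names, contents and digests are constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class AllowlistPolicy:
    """Default-deny execution policy: learning mode records what normally
    runs, lock-down mode blocks everything else and queues it for review."""
    learning: bool = True
    allowed: set = field(default_factory=set)      # SHA-256 of trusted files
    pending_review: list = field(default_factory=list)

    @staticmethod
    def fingerprint(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def decide(self, path: str, content: bytes) -> str:
        digest = self.fingerprint(content)
        if self.learning:                 # learning mode: seen == normal
            self.allowed.add(digest)
            return "allow"
        if digest in self.allowed:
            return "allow"
        self.pending_review.append((path, digest))  # admin can investigate
        return "block"

    def approve(self, digest: str) -> None:
        """Admin decided a queued file is safe: allow it from now on."""
        self.allowed.add(digest)
        self.pending_review = [p for p in self.pending_review if p[1] != digest]

def signature_scan(content: bytes, known_bad: set) -> str:
    """Traditional anti-malware, simplified: blocks only what it recognizes."""
    return "block" if hashlib.sha256(content).hexdigest() in known_bad else "allow"

def demo() -> dict:
    # Constructed stand-ins for executables; contents are arbitrary bytes.
    word, backup = b"EXE:word-processor-v1", b"EXE:backup-agent-v3"
    old_variant, new_variant = b"EXE:ransomware-A", b"EXE:ransomware-B"
    known_bad = {AllowlistPolicy.fingerprint(old_variant)}  # vendor signatures
    policy = AllowlistPolicy()
    for path, content in [("word.exe", word), ("backup.exe", backup)]:
        policy.decide(path, content)       # learning mode observes normal apps
    policy.learning = False                # lock down the network
    return {
        "signature_on_new_variant": signature_scan(new_variant, known_bad),
        "allowlist_on_new_variant": policy.decide("invoice.exe", new_variant),
        "allowlist_on_known_app": policy.decide("word.exe", word),
        "queued_for_review": len(policy.pending_review),
    }
```

The new variant has no signature, so the scanner lets it through, while the locked-down allowlist blocks it and leaves one entry waiting for investigation.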

I should end by reminding everyone that it is just not possible to perfectly protect any network. But deploying two-factor authentication and zero-trust makes compromising a network exceedingly difficult, and compels hackers to move on to easier game.


James Gentry is the president of Atlantic Data Team, a central-Florida-based business IT company. For more information go to www.atlanticdatateam.com.