Keeping your business safe from ransomware attacks

In the old days protecting our valuables was easy

We could bury them, disguise them, or lock them away with a trusted third party, knowing they’d be safe from theft or ransom. But when your most important assets are digital, you need to work with a very different set of rules.

2021 saw an unprecedented number of serious cyberattacks, with ransomware taking the spotlight. According to GCHQ, ransomware attacks have doubled in the past year. At Akamai, between 2020 and 2021 we detected a threefold increase in web attacks, which is how many ransomware attacks occur. One estimate puts the global cost of ransomware attacks at over $265 billion by 2031.

While these figures are astonishing, they don’t mean much to many of us. It’s the stories of individual attacks and the collateral damage they cause that have brought ransomware front of mind for us as individuals and businesses. The London Borough of Hackney was targeted in late 2020, and other recent victims range from Graff, the high-profile jeweller, to Ireland’s Health Service Executive. According to one Gartner analyst, cyberattacks are becoming sophisticated enough to cause physical human casualties in the near future.

What this tells us is that any type of organization is vulnerable to ransomware: even if your data isn’t inherently valuable, ransomware attacks disrupt business continuity, making it more appealing to pay to have normality restored. Acting now to protect your business is imperative.

Why has ransomware become such a huge problem now?

Widespread home working has introduced cybersecurity risks that millions are taking every day. Remote employees are accessing multiple applications, via multiple devices that may not have been previously secured. This opens both the employee and company environment to vulnerabilities much more frequently than before the pandemic.

These changes in the way we use technology have come hot on the heels of longer-term trends. With the advent of cryptocurrencies, a whole infrastructure has flourished to facilitate untraceable payments to cybercriminals. At the same time, cybercrime has become much more professionalised, with organized teams of hackers spanning different countries and leveraging collaboratively produced toolkits to attack new vulnerabilities almost as soon as they appear.

Most businesses use a combination of technologies to protect themselves against cyberattacks. These are built on a ‘trust but verify’ model, which relies on verifying access to an application with the correct user credentials, often backed up with multi-factor authentication (MFA). Under the standard approach many businesses use, which relies on virtual private networks (VPNs) to secure access, a user who has authenticated via MFA then has access to the full network.

As the past year has shown, this is no longer enough, and a far more robust solution is needed to fight the rising tide of ransomware.

Enter ‘Zero Trust’

The heart of the problem is one of trust. Once a user gets access to your business’s network, the network trusts that the user belongs there, and the user can move about and access all sorts of information. In a world where businesses are targeted on a weekly or even daily basis by cybercriminals, this way of organizing our networks is no longer fit for purpose.

Zero Trust means what it sounds like: no one on the network is trusted. Users are given only the access that they require for their task, and the network is split into different parts to make it more difficult for would-be attackers to travel across the network in search of valuable data to steal.

A broad suite of technologies combines to create a Zero Trust security framework. These include Web Application Firewall, Zero Trust Network Access, Domain Name System Firewall, and Secure Web Gateway. Any reliable cybersecurity protection strategy should focus on ensuring these technologies are in place to protect vital business data by preventing attackers from accessing your network.

For example, think of the classic case of an employee leaving their work phone somewhere in public. This has the potential to leave access to company servers dangerously exposed through the lost device. However, if these Zero Trust technologies are in place, then when the device is lost all that is exposed is the device’s IP address and the local files on the phone itself. The hacker can’t access the company server, because they don’t have the required credentials to prove they are who they say they are.

Segmentation: a critical piece of the puzzle

There are rare instances where a cyberattack manages to scale these Zero Trust preventative defences and access your network. In these cases, micro-segmentation is what is called for – and at Akamai we’re excited to have added this capability to our cybersecurity solutions portfolio through our acquisition of micro-segmentation specialists Guardicore.

Think about a network like a home. To secure your home you may have cameras, an alarm, a dog, and a gate, all to prevent unauthorised entry through the front door. However, if an attacker does make it through that door, they have unrestricted access to the whole property. Now imagine how your valuables could be made more secure if every internal door in the house was lockable.

This is the basis of what micro-segmentation achieves: it gives a business more visibility into its infrastructure, and enables breaches to be detected early, and corrective action taken accordingly. This is particularly important in ransomware attacks, where the longer your network is exposed to malware, the worse the damage can be.

There’s no denying it – adopting Zero Trust does require some upfront investment in new technologies and IT resource. But the past year has made the costs of doing nothing abundantly clear. Hybrid working, 5G, organized cybercriminal groups: these risk factors aren’t going away any time soon, and the businesses that prepare now are much more likely to avoid having to quite literally pay later.

About the Author

Richard Meeus is director of security technology and strategy EMEA at Akamai.