UPDATED 13:17 EST / JULY 09 2021

SECURITY

Escalating ransomware attacks place greater focus on zero-trust network access

When a global pandemic forced the closure of millions of businesses, many employees were required to access company systems through virtual private networks. This proved to be a reasonable stopgap solution in the face of extraordinary circumstances, but it also increased the threat surface significantly.

Security companies have responded through implementation of zero-trust network access, or ZTNA. It extends the principles of zero-trust access to verify users before every application session, an increasingly important action amid rising ransomware threats.

“Zero trust says: ‘I’m only going to allow you access to this application, and I’m going to keep checking on you to make sure you are who you say you are,’” said John Maddison (pictured), chief marketing officer and executive vice president of products at Fortinet Inc. “It just narrows the attack surface down from this giant network approach to a specific application. It’s going to be important technology.”

Maddison spoke with Lisa Martin, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed the current threat climate surrounding ransomware attacks and the need for enterprises to architect for longer-term security solutions. (* Disclosure below.)

Breach cost on the rise

The importance of ZTNA has been underscored in recent weeks by high-profile ransomware attacks. Malicious actors have managed to breach a large national meat supplier and an energy pipeline company, causing significant havoc.

Over the July 4th holiday, cybercriminals targeted a software company that provided tools for managed service providers, impacting an estimated 800 to 1,500 businesses through combined ransomware demands of $50 million.

“Two years ago, we saw a lot of ransomware in the schools, and they’re picking some richer targets now,” Maddison said. “Instead of demanding $5,000 or $10,000 from a small business or a school, they are demanding millions from these larger companies.”

While the increasing impact of ransomware attacks may be the byproduct of a pandemic-related expanded threat surface, the techniques used by cybercriminals have not really changed because they still work. This makes it even more crucial that businesses develop a long-term plan to protect networks.

“One of the problems with ransomware is it still relies heavily on social engineering. I don’t think you can eliminate people clicking on stuff,” Maddison noted. “What it means is you have to put more proactive things in place, like zero trust, like micro-segmentation, like web application file warning. We want to help our customers apply best practices and start architecting longer term to implement zero trust or secure access service edge.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU