When a global pandemic forced the closure of millions of businesses, many employees were required to access company systems through virtual private networks. This proved to be a reasonable stopgap solution in the face of extraordinary circumstances, but it also increased the threat surface significantly.

Security companies have responded through implementation of zero-trust network access, or ZTNA. It extends the principles of zero-trust access to verify users before every application session, an increasingly important action amid rising ransomware threats.

“Zero trust says: ‘I’m only going to allow you access to this application, and I’m going to keep checking on you to make sure you are who you say you are,’” said John Maddison (pictured), chief marketing officer and executive vice president of products at Fortinet Inc. “It just narrows the attack surface down from this giant network approach to a specific application. It’s going to be important technology.”

Maddison spoke with Lisa Martin, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed the current threat climate surrounding ransomware attacks and the need for enterprises to architect for longer-term security solutions. (* Disclosure below.)

Breach cost on the rise

The importance of ZTNA has been underscored in recent weeks by high-profile ransomware attacks. Malicious actors have managed to breach a large national meat supplier and an energy pipeline company, causing significant havoc.

Over the July 4th holiday, cybercriminals targeted a software company that provided tools for managed service providers, impacting an estimated 800 to 1,500 businesses through combined ransomware demands of $50 million.

“Two years ago, we saw a lot of ransomware in the schools, and they’re picking some richer targets now,” Maddison said. “Instead of demanding $5,000 or $10,000 from a small business or a school, they are demanding millions from these larger companies.”

While the increasing impact of ransomware attacks may be the byproduct of a pandemic-related expanded threat surface, the techniques used by cybercriminals have not really changed because they still work. This makes it even more crucial that businesses develop a long-term plan to protect networks.

“One of the problems with ransomware is it still relies heavily on social engineering. I don’t think you can eliminate people clicking on stuff,” Maddison noted. “What it means is you have to put more proactive things in place, like zero trust, like micro-segmentation, like web application file warning. We want to help our customers apply best practices and start architecting longer term to implement zero trust or secure access service edge.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE