The curtain rises on the concept of prevention
Ransomware has become the sleeper agent of cybersecurity. A sleeper agent is a spy who works his way into a country or organization and behaves normally until called upon to carry out his mission months or years later. With ransomware, everyone assumes that the often disastrous and harmful effects occur immediately. If I’m your coworker and I email you a document, there’s a good chance you’ll open it. Once activated, the malware could overwhelm and compromise your system within seconds, if that is the intention. But not always.
More often than not, malicious ransomware code incubates and remains hidden for months, only to be activated at a chosen time, such as a specific day, or even in sync with the phase of the moon. Over those months the malware can spread slowly, encrypting things not all at once but bit by bit, taking components that were once good and subverting them to do harm across the whole organization or ecosystem. Like I said: a sleeper agent.
So how are we supposed to create resilient systems and continue to operate our businesses in light of the growing threat of ransomware?
More detection is not the solution
Global businesses and governments, both federal and local, have invested billions in trying to detect and thwart ransomware. Detection is an important part of a resilient infrastructure, but it can take six to nine months before a data breach comes to light. Obviously, more detection is not the solution. As an industry, we have failed at detection. We have tried for decades. Whenever we innovate, the bad guys find a way around it. In recent years we have turned to malware detection tools based on machine learning and artificial intelligence (AI). Innovations like AI are helpful, but guess what: the bad guys are also using AI, and deepfakes too. The innovation arms race has not eliminated or reduced threats such as ransomware. Instead, ransomware attacks continue to grow in scope and financial impact.
In response, our industry has adopted zero trust architectures and explicit trust approaches, but most zero trust journeys have focused largely on identity and access. The recent rise of hybrid workforces and digital transformation, along with the accompanying use of electronic content and information everywhere, are leading indicators of the next step towards zero trust: data.
Switch to 100% prevention
It is no exaggeration to say that data is the central nervous system of an organization. Data is ubiquitous and comes in largely standardized forms, from PDFs and emails to web pages and databases. Businesses need to rethink their perimeter, because the perimeter is now wherever data is used. In other words, if you focus on authentication and discovery you can succeed in knowing who a person is on the network and what they are allowed to access, but you may still not know what they are actually accessing, or why.
Analytics tools are incredibly useful for identifying moments of potential risk, but it is still like looking for a needle in a haystack. If we are following zero trust, then we should not trust any asset entering the network in the first place. In a 100% prevention model, you treat all content as bad and sanitize everything, regardless of its source.
All or nothing, or just nothing, is radical thinking, but existential threats like ransomware demand a new approach. Business leaders and cybersecurity executives need to embrace zero-trust content transformation technologies such as content disarm and reconstruction (CDR), which have matured for the enterprise. CDR assumes that every file entering your network contains malware. It intercepts a document at the edge of the network, recreates the content from scratch, and delivers it clean and secure to the intended recipient. It doesn’t matter if a cyber thief hijacked a supplier’s email account to trick me (fat chance) into clicking on an infected attachment: the file is cleaned before the email even reaches my inbox. Threat prevented.
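To make the CDR idea concrete, here is a small added example (my own illustration, not Forcepoint’s product or any real CDR engine) of the rebuild-from-scratch principle applied to an OOXML (.docx) container. It treats every input as hostile: instead of scanning for known-bad content, it builds a fresh ZIP containing only an allowlisted set of document parts, drops VBA macro and OLE parts, rewrites the relationship and content-type manifests so nothing references what was removed, and caps decompressed sizes so a malformed archive cannot exhaust memory. The OOXML part names and relationship types are real; the allowlist, the size cap and the sample document are assumptions I constructed for the demonstration.

```python
"""Toy content-disarm-and-reconstruction (CDR) pass for .docx containers.

Added illustration, not a production CDR engine: a real engine re-renders
the document XML itself rather than copying it. This shows only the
container-level idea: never pass the original file through; rebuild a new
one from an allowlist.
"""
import io
import re
import zipfile

# Parts we are willing to carry into the rebuilt document (assumed allowlist).
ALLOWED_PARTS = {
    "[Content_Types].xml",
    "_rels/.rels",
    "word/document.xml",
    "word/_rels/document.xml.rels",
    "word/styles.xml",
}
MAX_PART_BYTES = 5 * 1024 * 1024  # assumed cap per part, blunts decompression bombs

_REL_RE = re.compile(r"<Relationship\b[^>]*/>")      # self-closing Relationship elements
_OVERRIDE_RE = re.compile(r"<Override\b[^>]*/>")
_DEFAULT_RE = re.compile(r"<Default\b[^>]*/>")
_DROPPED_REL_TYPES = ("vbaProject", "oleObject")     # active content we never carry over


def _attr(elem, name):
    """Return the value of attribute `name` in a single XML element string."""
    m = re.search(r"\b" + name + r'="([^"]*)"', elem)
    return m.group(1) if m else ""


def sanitize_rels(xml, report):
    """Drop relationships to macros, OLE objects or external targets."""
    def keep(m):
        elem = m.group(0)
        rtype = _attr(elem, "Type").rsplit("/", 1)[-1]
        if _attr(elem, "TargetMode") == "External" or rtype in _DROPPED_REL_TYPES:
            report.append(f"dropped relationship {_attr(elem, 'Id')} ({rtype}, {_attr(elem, 'Target')})")
            return ""
        return elem
    return _REL_RE.sub(keep, xml)


def sanitize_content_types(xml, kept_parts):
    """Remove content-type entries for parts that no longer exist (e.g. .bin macro parts)."""
    def keep_override(m):
        return m.group(0) if _attr(m.group(0), "PartName").lstrip("/") in kept_parts else ""

    def keep_default(m):
        return m.group(0) if _attr(m.group(0), "Extension") in ("xml", "rels") else ""
    return _DEFAULT_RE.sub(keep_default, _OVERRIDE_RE.sub(keep_override, xml))


def rebuild_docx(data):
    """Return (clean_bytes, report). Raises on non-ZIP input or oversized parts: refuse, don't pass through."""
    report, parts = [], {}
    with zipfile.ZipFile(io.BytesIO(data)) as src:
        for info in src.infolist():
            name = info.filename
            if name.startswith("/") or ".." in name.split("/"):
                report.append(f"rejected suspicious entry name {name!r}")
                continue
            if name not in ALLOWED_PARTS:
                report.append(f"dropped part {name}")
                continue
            if info.file_size > MAX_PART_BYTES:
                raise ValueError(f"{name} exceeds size cap; refusing to rebuild")
            parts[name] = src.read(name)
    # Rewrite manifests so the rebuilt package references nothing that was dropped.
    for name in list(parts):
        if name.endswith(".rels"):
            parts[name] = sanitize_rels(parts[name].decode("utf-8"), report).encode("utf-8")
    if "[Content_Types].xml" in parts:
        ct = parts["[Content_Types].xml"].decode("utf-8")
        parts["[Content_Types].xml"] = sanitize_content_types(ct, set(parts)).encode("utf-8")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:  # fresh container, no original zip metadata
        for name in sorted(parts):
            dst.writestr(name, parts[name])
    return out.getvalue(), report


def part_names(data):
    """List the parts of a ZIP-based document (used to inspect the rebuilt file)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return sorted(z.namelist())


def read_part(data, name):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name).decode("utf-8")


def build_sample_docx():
    """Constructed sample: a minimal document carrying placeholder macro and OLE parts (not real malware)."""
    ct = ('<?xml version="1.0" encoding="UTF-8"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
          '<Default Extension="xml" ContentType="application/xml"/>'
          '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
          '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
          '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
          '</Types>')
    root_rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                 '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
                 '</Relationships>')
    doc_rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
                '<Relationship Id="rId2" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
                '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="http://example.invalid/object" TargetMode="External"/>'
                '</Relationships>')
    doc = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
           '<w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr("_rels/.rels", root_rels)
        z.writestr("word/document.xml", doc)
        z.writestr("word/_rels/document.xml.rels", doc_rels)
        z.writestr("word/styles.xml", '<w:styles xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        z.writestr("word/vbaProject.bin", b"CONSTRUCTED PLACEHOLDER, NOT A REAL MACRO")
        z.writestr("word/embeddings/oleObject1.bin", b"CONSTRUCTED PLACEHOLDER")
    return buf.getvalue()


if __name__ == "__main__":
    clean, report = rebuild_docx(build_sample_docx())
    print("kept:", part_names(clean))
    print("\n".join(report))
```

The design point is that the output never shares bytes with the input container: parts are copied only if allowlisted, manifests are regenerated, and anything unexpected (unknown parts, external targets, oversized entries, odd entry names) is dropped or rejected and logged in the report, which is what an edge gateway would forward to the SOC. Note that `word/document.xml` is still copied verbatim here; a production CDR engine would parse and re-emit it as well, which is the "recreate the content from scratch" step the text describes.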
In these times, we need unconventional approaches to defend our economies, our critical infrastructure and our way of life. When cybersecurity lets business carry on as usual, we will see more opportunities for the industry. Hyperscaling the IT resources needed to meet the demands of today’s hybrid workforce requires an equal scaling of cybersecurity capabilities. Where customers were previously willing to deploy racks of point products, more and more of them are asking for integrated cloud deployment models. They want cybersecurity to be as simple as a service: flipping a switch to deploy threat removal, data security, firewall, web security and other capabilities wherever and whenever they need them.
As business and government agency leaders continue to mature their digital transformation efforts, they recognize cybersecurity as a business catalyst. The zero trust journey will continue as organizations proactively seek to prevent compromise and stop relying on detecting and responding to threats after the fact. This makes me optimistic for the next year and the years to come.
Petko Stoyanov is the CTO of Forcepoint