How to prevent ransomware attacks with a zero-trust security model
Identity-based access, frequent password changes and multi-factor authentication can help reduce the incidence of such attacks, but to be proactive Greatwood and I agreed that identifying the source of repeated, excessive login attempts and blocking such attempts are crucial to detecting and reducing the impact of ransomware attacks.
"A zero-trust model is a valuable defense mechanism in blocking ransomware."
One of the most effective ways to prevent ransomware attacks is through the adoption of zero-trust architecture, the modern alternative to perimeter-based security.
Built on the principle 'never trust, always verify,' a zero-trust security strategy would have prevented ransomware attacks like those on Colonial Pipeline and JBS by stopping the ransomware from spreading across operations while keeping those operations running.
"The Colonial Pipeline attack as well as many other recent attacks demonstrate that industrial operations lack the security controls across their operation to effectively identify, isolate and recover infected systems. Cybersecurity controls across the operations give the operator the ability to control each interaction between applications, users and machines on an individual basis based on the identity and policy and with zero trust. When such controls exist, they give the operator a method to prevent the attack from spreading and the operation can keep running even during an active attack," Greatwood said.
"Unlike traditional techniques, under which an attacker can exploit cyber weaknesses upon gaining access inside a network segment perimeter, zero trust treats the identity of each machine, application, user and data stream as its own independent 'perimeter,' allowing granular access policy enforcement. As such, rigorous security enforcement continues even in the event that hackers get into an operational or corporate network - and ransomware gets blocked from traversing between IT and OT systems," Greatwood said.
"Cybersecurity and Infrastructure Security Agency recently published a set of guidelines specifically for industrial operations due to the rise of ransomware attacks in this sector. National Institute of Standards and Technology has also been updating its set of guidelines for protecting Industrial Control Systems from such attacks. Both are advocating for a defense-in-depth approach focusing on zero-trust with granular role-based access management for all interactions in the OT and especially in IT/Cloud environments," Greatwood said.