How to prevent ransomware attacks with a zero-trust security model
Identity-based access, frequent password changes and multi-factor authentication can help reduce the incidence of such attacks, but to be proactive Greatwood and I agreed that identifying the source of repeated, excessive login attempts and blocking such attempts are crucial to detecting and reducing the impact of ransomware attacks.
"A zero-trust model is a valuable defense mechanism in blocking ransomware."
One of the most effective ways to prevent ransomware attacks is through the adoption of zero-trust architecture, the modern alternative to perimeter-based security.
Built on the principle 'never trust, always verify,' a zero-trust security strategy would have prevented ransomware attacks like those on Colonial Pipeline and JBS by stopping the ransomware from spreading across the operations while keeping the operation running.
"The Colonial Pipeline attack as well as many other recent attacks demonstrate that industrial operations lack the security controls across their operation to effectively identify, isolate and recover infected systems. Cybersecurity controls across the operations give the operator the ability to control each interaction between applications, users and machines on an individual basis based on the identity and policy and with zero trust. When such controls exist, they give the operator a method to prevent the attack from spreading and the operation can keep running even during an active attack," Greatwood said.
"Unlike traditional techniques, under which an attacker can exploit cyber weaknesses upon gaining access inside a network segment perimeter, zero trust treats the identity of each machine, application, user and data stream as its own independent 'perimeter,' allowing granular access policy enforcement. As such, rigorous security enforcement continues even in the event that hackers get into an operational or corporate network, and ransomware gets blocked from traversing between IT and OT systems," Greatwood said.
"Cybersecurity and Infrastructure Security Agency recently published a set of guidelines specifically for industrial operations due to the rise of ransomware attacks in this sector. National Institute of Standards and Technology has also been updating its set of guidelines for protecting Industrial Control Systems from such attacks. Both are advocating for a defense-in-depth approach focusing on zero-trust with granular role-based access management for all interactions in the OT and especially in IT/Cloud environments," Greatwood said.