Three practical steps to protect your organisation from ransomware attacks with an identity-centric zero trust approach to security

While ransomware is far from new, the rapid, global shift towards a new hybrid work culture that operates both inside and outside of the perimeter means organisations today are more vulnerable to attacks than ever before.

According to The State of Ransomware 2021 report by Sophos, 37% of organisations have already been hit by ransomware so far this year, while the average total cost of recovery from a ransomware attack has more than doubled from $761,106 in 2020 to $1.85 million in 2021. But what’s driving this sudden upsurge?

Traditionally, good data backups and a rehearsed restoration procedure were a good investment against paying a ransom. Of course, examples of backups also becoming infected persist as grim war stories, but only as edge cases. Increasingly, ransomware crews have found innovative ways to circumvent security measures and ensure their efforts are rewarded.

Data is now regularly stolen before encryption, allowing an attacker to threaten public release as additional motivation to pay. Once compromised, access to a network may be sold to other criminals via access brokers, leading to further attacks of varying motivations. If a supply chain is impacted by a ransomware event, attackers can seek to influence customers of a supplier to apply increased pressure on the victim to restore service quickly.

Knowledge of an attack can also be sold to financial brokers to short sell stock before the attack becomes widely known to the market. And now, far from requiring deep technical experience, ransomware-as-a-service is making complex malicious technologies available to a wider criminal audience, for a relatively small fee. This is an adaptive and agile criminal enterprise with many evolving avenues to making money from technical misery. So what’s the solution?

While there’s no silver bullet when it comes to protecting your organisation from ransomware attacks, this guide will explore how an identity-first security strategy centred around zero trust can help reduce the data breaches that fuel them.

To read in full, download the whitepaper:

Okta’s Ransomware Prevention Checklist
