Ransomware isn’t going anywhere, and the attacks continue to grow. Cybercriminals are inventing new ways to gain access to networks and systems. The rise in attacks has been linked with continued work from home and the rise in Internet-enabled devices.
Siddharth Pisharoti, Regional Vice President, Akamai Technologies – India, SEA, and APJ (henceforth SP) shares his views on Ransomware as a Service (RaaS) and Zero Trust with Smruti Gandhi, Director – Community Engagement & Executive Editor, DynamicCISO (DCISO).
According to Pisharoti, many enterprises are still approaching security with the outdated notion of a protected, firewalled corporate network. The first step businesses can take to strengthen their cybersecurity posture is to reframe their security strategy to focus on both external and internal attacks. This means moving away from the old perimeter-centric approach to security, towards a Zero Trust model that focuses on granting the right people the right access at any time, regardless of their location.
DCISO: How has the security threat landscape changed in India?
SP: Pandemic-led acceleration in digital transformation has led to a steep rise in cyberattacks on Indian organizations. This has been compounded by a shortage of cybersecurity talent. Recent data from India’s Computer Emergency Response Team (CERT-In) states that more than 1.15M incidents of cyberattacks were tracked and reported in 2021.
The rise in connectivity due to the shift towards a hybrid workforce has resulted in a greater attack surface for cybercriminals to exploit. We are seeing phishing kits that target remote workers, and DDoS attacks targeting VPNs and remote access infrastructure. Cloud migration and increased threat activity have also left many organizations struggling to keep up with the pace of these security developments.
Additionally, ransomware groups have risen dramatically in recent years using double extortion tactics, in which they steal critical data, like IP (intellectual property) and source codes, before locking the company out of their systems. This threat will only grow as enterprising cybercriminals invent new ways to take advantage of the growing attack surface. It is vital that organizations put in place a strategy for protecting critical assets.
DCISO: Ransomware as a Service (RaaS) has been gaining traction in 2022 and is touted to be the biggest threat to enterprise cybersecurity. Could you elaborate more on this?
SP: Ransomware is now a huge problem for enterprises globally, with a new attack striking every 11 seconds. The damage resulting from ransomware alone was expected to cost organizations more than US$20 billion in 2021. This has given rise to RaaS, which is a more sophisticated service model for cybercriminals. It is a systematic model, like Software as a Service, where criminals leverage already developed ransomware tools to initiate cyberattacks for a price.
Generally, the perception of ransomware is that attacks happen occasionally, but as the volume of attacks has increased exponentially and the cost of payments demanded by the attackers has soared, remediation costs have continued to climb. For example, last year the attack on the Colonial Pipeline caused the company to shut down operations and their business was hit severely.
Recently, our security researchers reviewed and analyzed the leaked internal documentation of Conti, a modern ransomware group, to understand the tools and techniques it uses. It is a notorious ransomware group that targets high-revenue organizations. They were first detected in 2020 and appear to be based in Russia. It is believed that the group is the successor to the Ryuk ransomware group. According to Chainalysis, the ransomware group was the highest-grossing of all ransomware groups in 2021, with an estimated revenue of at least 180 million dollars. These attack scenarios are multifaceted and detail-oriented. They have found a formula that continues to work: harvest credentials, propagate, and repeat.
These kinds of threats will only multiply as criminals keep inventing new ways to gain access to networks and systems. As we’ve moved into an era dominated by financial motivation, ransomware is the new face of organized crime, and in 2022 we will continue to see these types of attacks get worse before they get better. While law enforcement is getting stronger to prevent ransomware, it is an alarming issue that will take time to overcome. Better security measures, such as micro-segmentation, aren’t new, but they can significantly reduce the impact on your organization when properly implemented.
DCISO: With the growing acceptance of Cloud, Mobile, and IoT, the threat surface is widening. It is not as easy to crack down on the threat actors who breach the loopholes in these technologies and exploit them. What are the challenges that the enterprises are facing and how prepared are they to deal with them?
SP: During the pandemic, organizations became more geographically dispersed, even if that only means people working from home instead of the office. In addition to the employees, the software also migrated outside the corporate perimeter. As businesses begin to open up again, the trend is leaning towards mobility as a means to support a hybrid working environment.
This has increased the adoption of cloud applications, storage, and computing resources, and it is putting pressure on the traditional networking and security models. Legacy networks were designed and built for a centralized world where all devices, traffic, and resources were inside the same physical network. These cannot cope with the performance and security requirements of cloud-based businesses.
Due to this, IT leaders are motivated to migrate systems to secure data, maintain data access, save money, optimize storage resources, and accelerate their digital journey. Even today, many enterprises approach security with the notion of a protected, firewalled corporate network. Things like public-facing applications, virtualized servers, and a mix of on-premises and cloud technologies bring forward a much more “protected perimeter” approach to security.
It is really difficult to put cloud-based applications and infrastructure behind traditional security defenses and still maintain performance. Additionally, product teams have begun to de-prioritize security in favor of speed and accelerating the go-to-market timelines for digitization. Malicious actors have been able to exploit this loophole, leading to an unprecedented rise in the number of cyberattacks.
DCISO: What is the difference between Zero Trust and micro-segmentation? What is the role of micro-segmentation in Zero trust?
SP: At its core, Zero Trust is based on the age-old principle of least privilege. It is a network security model based on a strict identity verification process. It ensures that only authenticated and authorized users and devices can access the right applications and data. At the same time, it protects those applications and users from advanced threats on the Internet, as users are automatically blocked from accessing phishing or malware distribution sites.
However, the stark reality is that it just isn’t possible to plug all the potential cracks in the enterprise. At some point, there are diminishing returns in trying to create an impenetrable barrier. Organizations need a strategy in place for protecting critical assets when ransomware breaches those enterprise defenses.
This is where micro-segmentation comes in. It logically divides the enterprise into distinct security segments, down to the individual software and workload level, with well-defined security controls for each.
This helps organizations to mitigate the impact of infections that slip through the cracks, by addressing the problem of malware proliferating across the enterprise. Just like a waterproof bulkhead in a submarine, it helps contain the ‘blast radius’ from a malware attack, dramatically limiting its lateral spread.
DCISO: Why is Zero Trust important for CISOs?
SP: CISOs must understand it’s only a matter of time until systems become infected. Just like how Indiana Jones dodged booby traps left and right in his quest to find treasure, cybercriminals will try all ways and means to bypass ‘booby traps’, a.k.a. security systems, to get their hands on data – all they need is a single compromised endpoint as a foothold to move throughout the network.
With a “never trust, always verify” approach across all entities, regardless of location, device or application being used, and where the data is hosted, Zero Trust ensures that only the right business assets are available to the right people at any given time, regardless of where the data resides.
Additionally, the use of micro-segmentation technology, which enables deep visibility into data movements, is critical in minimizing the risk of cybercriminals reaching critical assets once defenses are breached. Zero Trust and micro-segmentation technology also ease the burden on employees of having to determine whether something is malicious.
It’s critical for CISOs to understand that cybersecurity is not a costly proposition; it’s now a business imperative. It’s important to have the mindset that threats are now anywhere and everywhere – across users, devices, and applications. They need to look at future-proofing their business through cybersecurity strategies such as the Zero Trust model.
DCISO: What are some best practices for businesses to strengthen their cybersecurity posture?
SP: The first step enterprises must take to strengthen their cybersecurity framework is to focus on both internal and external threat vectors and revamp their security strategy. This means moving away from the old perimeter-centric approach to security, towards a Zero Trust model that focuses on granting the right people the right access at any time, regardless of location.
With end-users, applications, and devices now everywhere, organizations should also look towards shifting their security stack to the edge, which ensures that attack traffic can be blocked right at its source, preventing access to its target. To ease the transition, they can work with a cybersecurity provider that helps to deliver security capabilities from a single platform and is also capable of managing and abstracting the complexities of a distributed infrastructure.
At Akamai, we have grown our security portfolio from point solutions into a comprehensive platform that provides defense in depth to address our customers’ biggest threats. By adding Guardicore’s micro-segmentation solution into our Zero Trust security portfolio, we are uniquely suited to provide comprehensive protection against threat actors.