A study of 5,400 IT professionals has revealed a correlation between the direct experience of ransomware and the adoption of a zero-trust approach.
Organizations that had experienced a ransomware attack in the previous year, defined as multiple devices being impacted but not necessarily encrypted, reported considerably higher levels of awareness of the zero-trust approach. They were more advanced in implementing zero-trust network access (ZTNA) solutions than those that hadn’t experienced an incident.
ZTNA demands verification of every endpoint, server, and user before granting access to an application or any part of the network. As adversaries grow ever more skilled in exploiting remote tools and credentials and turning a target’s security policies against them, a defense-in-depth approach to security based on the concept of ‘trust nothing, verify everything’ is becoming the benchmark for protection.
These organizations’ direct experience of ransomware likely accelerated the implementation of a zero-trust approach to help prevent future attacks.
The findings result from an independent survey of 5,400 IT professionals in organizations with between 100 and 5,000 employees conducted by research house Vanson Bourne on behalf of Sophos in 2021.
The role of ZTNA in preventing ransomware attacks
Breaching the victim’s network is one of the first steps in a ransomware attack. The rapid increase in remote working over the last two years has hugely increased the opportunity for attackers to exploit vulnerable VPN clients to get a foothold in an organization. Once inside, they are often free to move laterally throughout the network, escalating privileges and progressing the attack.
By eliminating vulnerable VPN client software, granularly controlling access based on device health and identity, and micro-segmenting applications, ZTNA stops attackers from breaching the organization and moving around it, even if they obtain legitimate credentials.
Key findings from the research include:
Finding one: Ransomware victims have much greater familiarity with the ZTNA approach
IT professionals in organizations that had been hit by ransomware in the previous year are almost 50% more likely to be ‘very familiar’ with the ZTNA approach than those whose organizations hadn’t experienced an incident (59% vs. 39%). It rises to 71% among those whose organizations had been hit and paid the ransom.
Finding two: Ransomware victims are more advanced in their adoption of the zero-trust approach
One quarter (25%) of those whose organizations experienced a ransomware attack in the previous year have already fully adopted a zero-trust approach, rising to 40% of those whose organizations were hit and paid the ransom. In comparison, just one-sixth (17%) of those that hadn’t experienced an attack had already fully migrated to this approach.
Finding three: Ransomware victims have different motivations for adopting a zero-trust approach
Respondents were asked about their motivations for adopting a zero-trust approach and, while there were several commonalities, there were also clear areas of difference.
- To improve our overall cybersecurity posture’ was the most common motivator among both victims and non-victims
- The second most common motivator among ransomware victims was the desire to ‘simplify our cybersecurity operations’ (43%), potentially reflecting that complex security had contributed to their previous attack.
- Ransomware victims are also heavily motivated by ‘supporting our move to increased use of the cloud’ (42%). It dropped to 30% amongst those that hadn’t experienced a recent attack.
- Similarly, ransomware victims were also much more likely to say that ‘to move from a CAPEX to an OPEX model´ was one of the main factors behind their zero-trust approach adoption (27% vs. 16%, and rising to 34% among those that had been hit by ransomware and paid the ransom)
Finding four: The pandemic was more likely to impact the zero-trust adoption plans of ransomware victims positively.
For many organizations, the pandemic positively impacted their plans for adopting a zero-trust approach. For many, it created a need for zero trust that they didn’t have before. It is understandable as many companies and public bodies were previously wholly office-based and didn’t need to provide secure remote access.
Half (50%) of ransomware victims and 36% of non-victims reported that the pandemic enabled them to move budget to adopt a zero-trust approach. At the same time, many said that it helped them to divert people and/or money from other activities to zero trust.
The survey findings highlight that organizations that fell victim to ransomware and paid the ransom were most likely to experience a positive pandemic impact on their zero-trust adoption. It seems that the pain of the ransomware attack might have concentrated minds and resources on effectively mitigating a future incident.
Sophos recently launched Zero Trust Network Access (ZTNA), which provides a much more secure and easy-to-manage remote access solution that delivers end-users a transparent, frictionless experience.
