5 Ways to Thwart Ransomware With an Identity-First Zero Trust Model
2024-6-13 16:4:56 Author: securityboulevard.com

Ransomware is reaching epidemic proportions. A recent report from Veeam found that 75% of businesses suffered an attack in 2023. According to a report from NCC Group’s Global Threat Intelligence Team, ransomware attacks surged by 16% within a single month, between June 2023 and July 2023, marking a more than twofold increase from the number of attacks reported in July the previous year.

And it’s incredibly lucrative. That same year, the global net payout of ransomware attacks was over $1.1B — a staggering $533M more than the year before. With the average ransom payment in Q1 of this year sitting at $2M (up from $400k in Q1 2023), 2024 will be the most expensive year for ransomware attacks in history. Industry analysts predict ransomware attacks could cost organizations more than $250B annually by 2031.

In recent years, many companies have made global news, demonstrating by example the financial and reputational devastation that often ensues from ransomware attacks. From news reports, readers will likely remember Colonial Pipeline, the Costa Rican government and meat supplier JBS Foods. Last year, brands such as Dish Networks, NCR, Johnson Controls, Sony, Las Vegas MGM and MOVEit (which includes BBC, British Airways and Ernst & Young) paid ransoms hoping to minimize damage to their brand and customer base.

Enabling Ransomware Attacks

The motive for ransomware is clear, but without enough of the right opportunities, well, we wouldn’t even be talking about it. Ransomware attacks are profitable and therefore hugely popular because our current digital landscape and the choices we make within it present plenty of opportunities for hackers to launch successful campaigns.

Some of those opportunities include:

Remote Work – The rapid post-pandemic adoption of “work from home” has extended the security perimeter of many organizations to each employee user wherever they log in. In recent years, gaps in organizations’ cybersecurity defenses caused by hybrid and remote workforces have become a commonly exploited point of entry for ransomware.

Human Error – Humans are commonly referred to as the weakest link in any organization’s security perimeter, so it is no surprise that phishing is consistently ranked as the top entry point for ransomware attacks.

Third-Party Vendors – Organizations often rely on third-party business associates to protect their entrusted data, but they don’t always loop them into their security perimeter. This makes vendors an attractive target for bad actors to gain access to data belonging to an organization that might otherwise be more challenging to breach.

Protecting Against Ransomware

So how do you protect your organization from ransomware attacks? The answer is to adopt an identity-first, zero-trust model.

Simply put, this means relying on a “never trust, always verify” approach. Instead of assuming everyone and everything inside a network is safe, zero-trust requires verifying every user, device and request made. This model prevents unauthorized access and greatly reduces the risk of data breaches by continuously tracking and verifying activity.

An identity-first approach focuses on identity as the throughline of the zero-trust function, ensuring that contextual and continuous authentication practices are in place before any data, application, network, or service is accessed. This strategy should include fundamental processes like continuous monitoring and authentication, micro-segmentation, advanced encryption and behavioral analytics to help prevent ransomware attacks. By adopting the following processes, you can harden your perimeter even further to prevent attacks.

Multi-Factor Authentication (MFA) With Contextual Access Management (CAM): This capability helps you make more informed access control decisions. Unlike traditional access control methods that rely solely on static permissions, CAM evaluates additional contextual factors such as the user’s location, device, behavior, time of access, and the sensitivity of the requested resource.

Least Privilege Access Policy (LPAP): To ensure that users have the minimum levels of access — or permissions — necessary to perform their job functions, apply LPAP. This reduces the risk of accidental or intentional misuse of privileges and limits the potential damage from security breaches.

Need-Based Access Token and Token Refresh: Access token refresh is crucial for maintaining security and usability in token-based authentication systems such as OAuth2. Access tokens, which grant access to resources, are renewed as needed for authentication and authorization purposes.

Session Binding Access: Session binding connects an access token to a specific session, enhancing the security of token-based authentication systems. This approach ensures that an access token can only be used for the session in which it was issued. It helps prevent the token from being misused if intercepted or stolen.

Non-Human Identity Management (NHIM): Managing identities and access rights for non-human entities, such as devices, applications, services and bots within an organization is known as non-human identity management (NHIM). As organizations add more IoT devices, microservices and automated processes, NHIM becomes key for upholding security, compliance and operational efficiency.
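
To make the session binding, token refresh and least privilege items above concrete, here is an added example that is not from the original article: a short-lived, HMAC-signed access token that carries a hash of the session it was issued in and is refused anywhere else. The token format, key, lifetime and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"   # placeholder; load from a secret store
ACCESS_TTL = 300                       # assumed token lifetime in seconds

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload):
    return _b64(hmac.new(SERVER_KEY, payload, hashlib.sha256).digest())

def _session_hash(session_id):
    # Store only a hash so the token never reveals the session identifier.
    return hashlib.sha256(session_id.encode()).hexdigest()

def issue_token(user, scopes, session_id, now=None):
    """Mint a short-lived token bound to the session it was issued in."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "scope": sorted(scopes),
              "sid": _session_hash(session_id), "exp": now + ACCESS_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _sign(payload)

def verify_token(token, session_id, required_scope, now=None):
    """Return 'ok' or the reason the request is refused."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError:
        return "malformed"
    # Check integrity before parsing any claim.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return "bad-signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return "expired"             # client must refresh in its own session
    if not hmac.compare_digest(claims["sid"], _session_hash(session_id)):
        return "wrong-session"       # presented outside the issuing session
    if required_scope not in claims["scope"]:
        return "insufficient-scope"  # least privilege: only granted scopes
    return "ok"
```

A token copied out of one session fails the `sid` comparison in any other, and the short lifetime limits how long an unnoticed copy remains valid even inside the original session.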

If your organization hasn’t taken these steps to prevent a ransomware attack, it’s time to act now to protect your company, its data, employees and most importantly, customers.

Source: https://securityboulevard.com/2024/06/5-ways-to-thwart-ransomware-with-an-identity-first-zero-trust-model/