In this environment, the likelihood of a ransomware encounter in any medium or large organisation is far greater. An organisation’s defensive strategy must anticipate these events and limit what a single compromise can yield to the attacker.
That requires both limiting the amount of data accessible from any given device or account and investing in ways to detect and respond faster.
A zero-trust approach
According to the ITRC, the current threat environment warrants a “zero-trust” approach to security. That means always verifying access to a system or to data.
Zero-trust is about getting back to information security basics. It recognises it is no longer sufficient to decide whether a device or user is trustworthy exclusively on the basis of whether it has previously authenticated to an internal network.
It also recognises modern approaches to identity and access management can enforce the “principle of least privilege” without imposing additional friction on users.
Users and devices must instead authenticate every time they access applications and data and every authentication should assess a broader set of contextual information about the request. This should include user context (such as the relative strength of the authenticator used to prove their identity), device context (whether the device is known/registered, managed, and demonstrating a strong posture) and network context (whether the request came from a known and reputable network location/IP type).
These assessments should also take behaviour into account: is a user identity typically associated with this device and network?
The primary enablers for zero-trust are a policy engine that can assess this context, controls (like multifactor authentication) used to challenge users to prove their identity and an ability to easily log, monitor and respond to events indicative of account compromise.
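The per-request assessment described above can be sketched as a small policy function. This is an added example, not code from the article or from any vendor's product; the authenticator ranking, the threshold, the network labels and the sample baseline are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ranking of authenticator strength (illustrative values).
AUTH_STRENGTH = {"password": 1, "sms_otp": 2, "totp": 3, "fido2": 4}
MIN_STRENGTH = 3                      # assumed policy threshold
BLOCKED_NETWORKS = {"anonymizer"}     # assumed low-reputation network type

@dataclass(frozen=True)
class AccessRequest:
    user: str
    authenticator: str        # user context
    device_id: str            # device context
    device_registered: bool
    device_managed: bool
    posture_ok: bool
    network_type: str         # network context, e.g. "corporate", "public"

# Constructed behavioural baseline: (device, network type) pairs seen per user.
BASELINE = {"alice": {("laptop-01", "corporate"), ("laptop-01", "residential")}}

def evaluate(req, baseline=BASELINE):
    """Assess one request; return (decision, reasons).

    decision is "deny", "step_up" (challenge with MFA) or "allow".
    Called on every access, so earlier authentication grants nothing.
    """
    deny, challenge = [], []
    if req.network_type in BLOCKED_NETWORKS:
        deny.append("network: low-reputation source")
    if not req.posture_ok:
        deny.append("device: failing posture checks")
    if AUTH_STRENGTH.get(req.authenticator, 0) < MIN_STRENGTH:
        challenge.append("user: weak authenticator")
    if not (req.device_registered and req.device_managed):
        challenge.append("device: unregistered or unmanaged")
    if (req.device_id, req.network_type) not in baseline.get(req.user, set()):
        challenge.append("behaviour: unusual device/network for this user")
    if deny:
        decision = "deny"
    elif challenge:
        decision = "step_up"
    else:
        decision = "allow"
    # Reasons are returned so the caller can log them for monitoring and response.
    return decision, deny + challenge
```

A strong authenticator on a known, managed device still triggers a challenge when the device and network pairing is unusual for that user, which is the behavioural check in practice.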
Are we there yet?
According to Okta’s zero-trust report, business leaders in Australia and New Zealand are aware of the threat posed by ransomware and are actively investing in the technology and processes required to mitigate it.
The research revealed 85 per cent of organisations in Australia and New Zealand plan to implement some form of zero-trust in 2022. Most identified that they currently fall on the lower end of the maturity curve.
Given the elevated threat environment, it’s critical company directors remain engaged and supportive of efforts by information technology and security teams to reduce their risk exposure.
Brett Winterford is Chief Security Officer for Asia Pacific at Okta