By Sally Adam, Marketing Director at Sophos
Organizations with recent direct experience of a ransomware attack have considerably higher adoption of zero trust network access (ZTNA) technology than those that haven’t fallen victim.
A study of 5,400 IT professionals has revealed a correlation between direct experience of ransomware and adoption of a zero trust approach.
Organizations that had experienced a ransomware attack in the previous year (defined as multiple devices being impacted but not necessarily encrypted) reporting considerably higher levels of awareness of the zero trust approach and were more advanced in their implementation of zero trust network access (ZTNA) solutions than those that hadn’t experienced an incident.
It is likely that these organizations’ direct experience of ransomware accelerated the implementation of a zero trust approach to help prevent future attacks.
The findings result from an independent survey of 5,400 IT professionals in organizations with between 100 and 5,000 employees that was conducted by research house Vanson Bourne on behalf of Sophos in 2021.
Breaching the victim’s network is one of the first steps in a ransomware attack. The rapid increase in remote working over the last two years has hugely increased the opportunity for attackers to exploit vulnerable VPN clients to get a foothold in an organization. Once inside, they are often free move laterally throughout the network, escalating privileges and progressing the attack.
By eliminating vulnerable VPN client software, granularly controlling access based on device health and identity, and micro-segmenting applications, ZTNA stops attackers from both breaching the organization and from moving around it, even if they obtain legitimate credentials.
[To learn more about the role of lateral movement in ransomware attacks, read the Sophos research report Windows Services Lay the Groundwork for a Midas Ransomware Attack that details how adversaries exploited remote services and access tools to hold a technology company to ransom.]
IT professionals in organizations that had been hit by ransomware in the previous year are almost 50% more likely be ‘very familiar’ with the ZTNA approach than those whose organizations hadn’t experienced an incident (59% vs 39%). This rises to 71% among those whose organizations had been hit and they paid the ransom.
Further illustrating this point, just 10% of ransomware victims have little or no familiarity with ZTNA, compared with 21% of those whose organization hasn’t fallen victim.
One quarter (25%) of those whose organization experienced a ransomware attack in the previous year have already fully adopted a zero trust approach, rising to 40% of those whose organizations were hit and paid the ransom. In comparison, just one sixth (17%) of those that hadn’t experienced an attack have already fully migrated to this approach.
Respondents were asked about their motivations for adopting a zero trust approach and, while there were several commonalities, there were also clear areas of difference.
For many organizations the pandemic had a positive impact on their plans for adopting a zero trust approach. For many, it created a need for zero trust that they didn’t have before. This is understandable: many companies and public bodies were previously wholly office-based and so didn’t have a need to provide secure remote access.
Half (50%) of ransomware victims and 36% of non-victims reported that the pandemic enabled them to move budget to adopting a zero trust approach, while many also reported that it enabled them to divert people and/or money from other activities to the move to zero trust.
The survey findings highlight that organizations that fell victim to ransomware and paid the ransom were most likely to experience a positive pandemic impact on their zero trust adoption. It seems that pain of the ransomware attack might have concentrated minds and resources on effectively mitigating a future incident.
Sophos ZTNA is a much more secure and easy-to-manage remote access solution that delivers a transparent, frictionless experience for end-users.
With the average cost of ransomware remediation now $1.85 million for small and mid-sized organizations, moving to secure remote access via Sophos ZTNA is a sensible investment.