Reinforce Your Data Fortress: How Zero Trust Can Help Reduce Your Risk of a Ransomware Attack

Ransomware continues to be a major source of risk for virtually every industry and vertical in every country. From education, government, and healthcare, to finance, consulting, and manufacturing. For-profit companies are as much a target as not-for-profit. The question most CIOs and CISOs are asked by the Board and the Executive Team is, “Are we protected from a ransomware attack?” As a security leader, the answer you want to give to that question is, “Yes we are!” But how do you protect yourself from a ransomware attack? You know you want to do more than have a great 3-2-1 backup strategy. Great backups are table stakes in the ransomware defense playbook. With great backups you can recover quickly from an attack. What you really want is to have a way to prevent or at least limit the blast radius if an attack happens. A good strategy to reduce the risk of a successful ransomware attack is to implement the family of principals and controls outlined in the NIST Zero Trust Architecture (SP 800-207). Remember, the goal of the criminals in a ransomware attack is to steal and encrypt your data. They want to attack the availability leg of our CIA triad, namely the availability of your data. In this presentation, industry thought leader John Bruggeman will review the general components of zero trust, review how you can do a readiness assessment that will let you know where you are in your ZT journey, and how a ZT framework reduces your risk of a ransomware attack.