Welcome to the fifth and final post from Forcepoint's Future Insights series, which offers insights and predictions on cybersecurity that may become pressing concerns in 2022.
Future Insights 2022 eBook
Here is the next post from Petko Stoyanov, Forcepoint's Global Chief Technology Officer:
Ransomware has become the sleeper agent of cybersecurity. A sleeper agent is a spy that worms their way into a country or organization and behaves normally until they’re called upon to act out their mission months or years down the road. In the case of ransomware, everyone thinks the often disastrous and harmful effects happen immediately. If I’m your colleague and email you a document, chances are you’d open it. Once activated, the malware could overwhelm and compromise your system in seconds, if that’s the intent. But not always.
More often, the malicious ransomware code could incubate and stay hidden for months, only to be activated on a certain time, like a specific day, even timed to the phase of the moon. And over the course of months, the malware can slowly spread, encrypting things—not all at once but little by little—taking things that were once good and exploiting them to do bad things throughout the organization or ecosystem. Like I said, sleeper agent.
So how are we supposed to build resilient systems and continue operating our businesses or governments in light of the rising ransomware threat?
More detection is not the solution
Global enterprises and governments, both federal and local, have invested billions in trying to detect and thwart ransomware. Detection is an important part of a resilient infrastructure, but it could take six to nine months for us to see data breaches come to light. Obviously, more detection is not the solution. As an industry, we’ve failed at detection. We’ve tried to do it for decades. Every time we innovate, the bad guys find a way to circumvent it. In recent years we leaned into machine learning and AI-based malware detection tools. Innovations like AI are useful, but guess what, the bad guys are also using AI and deep fakes. The innovation arms race hasn’t eliminated or reduced threats like ransomware. Instead, ransomware attacks continue to escalate in scope and financial impact.
In response, our industry has embraced Zero Trust architectures and explicit-trust approaches, but most Zero Trust journeys have focused largely on identity and access. The recent evolution in hybrid workforces and digital transformation, and their concomitant usage of content and electronic information everywhere, are leading indicators of where Zero Trust must go next: data.
Forcepoint Future Insights 2022
Shifting to 100% prevention
It’s no understatement that data is the central nervous system of an organization. Data is ubiquitous and practically standardized, from PDFs and email to web pages and databases. Companies must rethink their perimeter, because the perimeter is now wherever data is used. Put another way: if you focus on authentication and detection, you may be successful at knowing who a person is on the network and what they’re allowed to access. But you might not know what they’re accessing and why.
Analytics tools are incredibly useful for helping pinpoint moments of potential risk, but it’s still very much like looking for a needle in a haystack. If we follow Zero Trust, then let’s not trust any of the assets coming into the network in the first place. In a model of 100% prevention, you decide that all content is bad and sanitize everything, regardless of source.
All or nothing, or simply nothing, is radical thinking, but existential threats like ransomware demand a fresh approach. Business and cybersecurity leaders must embrace Zero Trust content transformation technologies like content disarm and reconstruction (CDR) that have matured for the enterprise. CDR assumes all files coming into your network have malware. CDR intercepts a document at the network boundary, re-creates the content from scratch, and delivers it clean and safe to the intended recipient. It won’t matter if a cyber thief hijacked a supplier partner email account to manipulate me (fat chance) into clicking an infected attachment. The file will be clean before the email even lands in my inbox. Threat prevented.
In these times, we need unconventional approaches to defend our economies, our critical infrastructure, and our way of life. When cybersecurity can enable business-as-usual, then we will see more opportunities for the industry. The hyperscaling of IT resources required to match today’s hybrid workforce demands calls for an equal scaling of cybersecurity capabilities. Whereas they were willing previously to implement racks of point products, more and more customers are asking for integrated cloud deployment models. They will want to make cybersecurity as simple as a service, like flipping a switch to deploy threat removal, data security, firewall, web security and other capabilities wherever they need it and whenever they want.
As enterprise and government agency leaders continue maturing their digital transformation efforts, they’re recognizing the business enabler that is cybersecurity. The Zero Trust journey will continue as organizations look to proactively prevent compromise and stop trying to detect or react to threats. This makes me optimistic about the next year and the years after that.
Future Insights Takeaways:
- 100% prevention becomes the standard as organizations will fully embrace Zero Trust principles. Cyber teams will assume everything is bad, sanitize it all, and ensure least privileged access.
- Convergence and hyperscaling of capabilities will be the norm as we’ll see simplicity enabled by maturation of SASE and cloud security as-a-service..
- Threat removal can scale for enterprises and governments: no longer a niche use case, the combination of CDR, SWG, and RBI technology working together will give an organization more than a fighting chance against ransomware attacks.