How Zero Trust and Secure Identities Can Help You Prevent Ransomware Attacks

By Danna Bethlehem, Director Identity and Access Management (IAM), Thales

With ransomware attacks on the rise in a big way, security has become a hot topic worldwide. These attacks put organizations that don’t have sufficient security measures at risk of significant data breaches. As hacks become much more sophisticated, the costs of recovering from a ransomware attack are tremendous and continue to rise.

According to Cybersecurity Ventures, the cost of ransomware attacks is predicted to reach over $265 billion by the end of 2031. As no industry is safe from ransomware attacks, organizations should implement effective security measures to avoid being the next victim.

Ransomware gangs shift to a RaaS model

Ransomware gangs are shifting to a RaaS (ransomware-as-a-service) model and leveraging stolen or compromised identities found on the dark web. This business model of operators and affiliates gives criminals a platform for showcasing their skills and collaborating with others. Ransomware operators, therefore, do not need complex skills to access networks; they can offer their malicious techniques as easy-to-use products in the form of a franchise or an affiliate program model.

The relative ease of launching a RaaS attack across the web has prompted the security agencies of the US, UK, and Australia to issue a joint alert warning businesses that:

  • RaaS has become increasingly professionalized, with business models and processes now well established.
  • The business model complicates attribution because there are complex networks of developers, affiliates, and freelancers.
  • Ransomware groups share victim information, diversifying the threat to targeted organizations.

Access-as-a-service (aka initial access brokers)

A common way for criminals to gain access to an organization’s network is by relying on access-as-a-service groups, aka initial access brokers (IABs).

Ransomware operators depend on IABs to reduce the need for extended reconnaissance or the time to find a method for entry. Initial access brokers provide ransomware attackers with an easy way into corporate networks, paving the way for the actual damaging attacks. The access-as-a-service marketplace is the source of the disconnect between an initial corporate breach and the subsequent attacks that follow days or even months after. As a result, security professionals argue that criminals no longer break into networks or systems; they instead simply log in.

Strengthen resilience against RaaS attacks

Organizations can take several steps to increase their resilience against RaaS attacks, including:

  • Deploy multi-factor authentication for all your applications and systems, for all your users.
  • Encrypt all your data-at-rest.
  • Keep all operating systems and software up to date.
  • Secure and monitor RDP services and make sure they are not exposed to the internet.
  • Implement a user training program and phishing exercises.
  • Require all accounts with password logins to have strong, unique passwords.
  • Protect cloud storage by backing up to multiple locations.
  • Segment networks.
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network-monitoring tool.

Secure identities are the foundation of a zero-trust policy

The boundaries of digital enterprises cannot be confined within four walls. Identity has emerged as the frontier to defend and protect businesses against a multitude of threats, including ransomware gangs. Identity is also one of the foundational pillars of zero trust architecture, with NIST and the OMB memorandum highlighting the importance of securing digital identities to prevent data breaches and ransomware attacks.

In this regard, two essential practices for establishing a zero trust policy include access control and network micro-segmentation.

Access control is based on verifying and authorizing identities to access the right resources. Authentication gives us information about who the identity is, while authorization grants access for the verified identity to specific resources, apps, and data. Authentication and authorization are core elements of a zero trust policy.

On the other hand, network micro-segmentation helps reduce the threat surface by creating smaller, segregated trust zones. Based on the principle of least privilege, users need to prove their authenticity to be able to access each trust zone. Micro-segmentation reduces the potential attack surface, hinders lateral movement between networks and systems, and ultimately limits the impact of a successful breach.

The ability to verify a user’s legitimate identity with multi-factor authentication, whether they are accessing a micro-segmented trust zone, or a service directly, forms the basis of solid security practices ensuring the identity requesting access to a resource is trusted.
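The access-control and micro-segmentation checks described above can be sketched as a deny-by-default policy decision. This is an added example, not code from the article or from any Thales product; the zone names, role names, method labels and the `decide` function are hypothetical, and treating two distinct verified methods as two factors is a simplification.

```python
from dataclasses import dataclass

# Assumption: FIDO and PKI are the phishing-resistant methods (the two the article names).
PHISHING_RESISTANT = {"fido2", "pki"}

# Constructed policy; zone and role names are hypothetical. Each micro-segmented
# trust zone lists the roles allowed in and whether phishing-resistant MFA is required.
ZONES = {
    "hr-apps":      {"roles": {"hr"},              "phishing_resistant": False},
    "finance-db":   {"roles": {"finance"},         "phishing_resistant": True},
    "backup-admin": {"roles": {"backup-operator"}, "phishing_resistant": True},
}

@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    methods: frozenset   # authentication methods verified for this session
    zone: str            # trust zone the MFA proof was presented for

def decide(session: Session, zone: str) -> tuple[bool, str]:
    """Deny-by-default decision: authenticate first, then authorize."""
    policy = ZONES.get(zone)
    if policy is None:
        return False, "unknown zone"
    # Authentication: a password alone (e.g. one bought from a broker) is not enough.
    # Simplification: two distinct verified methods stand in for two factors.
    if len(session.methods) < 2:
        return False, "mfa required"
    if policy["phishing_resistant"] and not (session.methods & PHISHING_RESISTANT):
        return False, "phishing-resistant factor required"
    # Micro-segmentation: proof of identity for one zone does not carry to another.
    if session.zone != zone:
        return False, "re-authenticate for this zone"
    # Authorization: least privilege, the identity needs a role the zone allows.
    if not (policy["roles"] & session.roles):
        return False, "role not authorized"
    return True, "ok"

def demo() -> list[tuple[bool, str]]:
    # Constructed sessions for one user with different verified methods.
    stolen = Session("alice", frozenset({"finance"}), frozenset({"password"}), "finance-db")
    otp = Session("alice", frozenset({"finance"}), frozenset({"password", "otp"}), "finance-db")
    fido = Session("alice", frozenset({"finance"}), frozenset({"password", "fido2"}), "finance-db")
    return [decide(stolen, "finance-db"), decide(otp, "finance-db"),
            decide(fido, "finance-db"), decide(fido, "backup-admin")]

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The last case shows the micro-segmentation effect: a session fully verified for one zone is still refused in another until the user proves their identity for that zone.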

MFA is a key requirement for a zero trust architecture

“MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised,” reads a CISA advisory.

By presenting two different factors of authentication, MFA builds confidence that your identity cannot be easily compromised and places extra obstacles in the criminal’s path towards breaking into the corporate networks. Hence, MFA has become a strict requirement for implementing a zero trust architecture. “Agencies shall adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent,” states President Biden’s Executive Order on Improving the Nation’s Cybersecurity.

However, it is important to select an MFA solution that offers the following features:

  • A choice of authentication methods, including phishing-resistant methods such as FIDO and PKI-based MFA, in accordance with the requirements mandated by the Office of Management and Budget.
  • Flexibility and scalability to cater to diverse business needs and user authentication journeys.
  • Low implementation and running costs.

As each day passes, cybercriminals continue to develop more sophisticated ways of obtaining confidential and sensitive data that they can exploit. The world of cybersecurity must stay one step ahead with technologies and practices to secure digital identities and ensure that organizations can prevent ransomware attacks.

About the author

Danna Bethlehem, Director Identity and Access Management (IAM), Thales. Danna Bethlehem is passionate about product marketing, positioning, messaging, content strategy, competitive analysis, feature prioritization, and external communications for global cyber security solutions.

She loves being at the heart of promoting technology solutions that impact our lives but enjoys hiking in the desert on her time off – even through sandstorms!


September 9, 2022
