Ransomware attacks are back in the news with a vengeance, striking several high-profile victims. There are almost too many attacks to list. For 2023, Zscaler’s ThreatLabz researchers saw an almost 40% increase in attacks.
What’s more, the targeting by ransomware raiders is indiscriminate, much of it driven by a growing as-a-service business model, where affiliates buy or hire malware from the criminals that develop it.
Threats against public sector agencies in Australia and elsewhere are on the rise. Recently, computer systems in Indonesia’s national data centre were encrypted by a variant of the infamous LockBit 3.0 ransomware, with criminals trying to extort US$8 million from the government, a sum that is unlikely to be paid.
The attack disrupted important public services. Immigration processing systems and web-based school and university enrolment are offline, causing delays and queues at airports, for example. [https://www.itnews.com.au/news/cyber-attack-compromised-indonesia-data-centre-609111]
Nobody’s safe, and government agencies face the same level of threat as private organisations.
“Use a VPN”... actually, maybe don’t do that
Defending against ransomware and other attacks while providing flexible and effective IT services for employees working remotely complicates the security equation immensely.
Standard practice to secure remote access to an organisation’s in-house IT resources is to use a virtual private network (VPN).
A VPN is a tool that sets up an authenticated and encrypted tunnel for data communication across a public network like the Internet between a worker’s device and an organisation. Such a VPN tunnel provides staff access to the business systems and resources they need for their work, such as internal messaging, collaboration tools, file sharing servers, and more.
If you read that last sentence again, it’ll tell you exactly why VPNs are a risky proposition.
At a high level, VPNs expand an organisation’s internal network into the outside world where security is an unknown quantity.
When you consider that remote access is often through broadband networks over unpatched consumer-grade routers, and over devices being used for purposes other than work, then that’s probably not something you want to expose your staff and organisation to.
VPN software can also be difficult to configure appropriately, and can have vulnerabilities that attackers are quick to exploit. Even cloud-based VPNs and those built into hardware appliances can be risky to use in that context, as threat actors that crack the security of trusted remote users through, for example, phishing have open slather.
Once inside an organisation’s network, attackers are able to move freely to reconnoitre for valuable data, turn off and delete backups, and set up file encryptors in preparation for ransomware attacks. Security experts call that situation “game over”.
Never trust, always verify
What is the answer then? Zscaler’s solution is to remove VPNs from the remote access equation, and to implement Zero Trust Network Access or ZTNA. With a Zero Trust mindset, an organisation prepares for the eventuality of users being compromised through policies that deny threat actors the easy access they’ve enjoyed for their attacks.
Security policies are applied on the basis of least-privileged access to systems and resources. Staff are required to use multi-factor authentication, their devices are required to meet necessary security criteria, and traffic is monitored. Zscaler’s ZTNA also uses software-defined micro-segmentation of networks to limit access to required areas and nowhere else.
The result of Zscaler’s Zero Trust Architecture is simpler network infrastructure, and a better user experience. More importantly, cyber threat defence becomes easier and more manageable as data and resources become protected, be it in a hybrid cloud or multicloud environment.
Northern Beaches Council retire VPNs
At the local government level, Zscaler’s Zero Trust Architecture can be seen in action at the Northern Beaches Council, NSW.
Three products, the Zscaler Zero Trust Exchange™ platform, Zscaler Internet Access™ (ZIA™) and Zscaler Private Access™ (ZPA™), replaced several legacy solutions and retired stacks of VPN appliances that the council had previously been using for remote access.
Now, over 2000 users serving 266,000 residents are protected with Zscaler’s unified, comprehensive Zero Trust platform that has simplified the council’s technology set-up, and improved its security posture.
“Security was difficult to manage and our risk to threats was increasing,” said Michael Turner, Chief Technology Officer at Northern Beaches Council. “Retiring legacy solutions with a unified platform like Zscaler has been an empowering step on our zero trust journey.”
Moving to Zero Trust paid off for the council, as evidenced by the statistics that show almost 10,000 security threats were prevented, along with over 3 million policy violations over three months.
During that same period of time, the Zscaler Zero Trust Exchange platform filtered a whopping 78 terabytes of traffic for the council, while processing over a billion transactions.
Improved filtering of traffic, advanced threat protection, real-time defences against malware and data loss are provided under Zscaler’s Zero Trust umbrella, which covers council employees and residents alike.
Importantly, re-engineering the council’s security architecture to incorporate the Zscaler Zero Trust Exchange platform has not just bolstered its robustness, but reduced administrative overhead.
The end result of that is more time to provide residents with often complex services securely and reliably, without having to sleep with one eye open as in the past when VPNs were in use.