Ransomware Article

Twice as many organizations have found themselves in the crosshairs of ransomware cybercriminals, with incidents climbing from an average of 43 per country in 2021 to a soaring 86 in 2023. This chilling rise has spurred companies to shore up defenses, rallying around the zero trust model and carving out their networks into secure segments. This shift is echoed in the “State of Segmentation 2023” report by Akamai, which drew insights from 1,200 IT wizards and security chiefs across ten nations.

Diving into a digital fortress, the concept of ‘network segmentation,’ is now the shield of choice against these extortion-driven cyber sieges. Yet, this crucial strategy is unrolling at a snail’s pace, with a mere 30% of firms drawing lines around more than two of their digital nerve centers this year.

While the grim stats unveil a rampant rise in ransomware’s fury, a study from NCC Group throws the spotlight on July’s staggering 150% surge in such attacks compared to the previous year. The infamous Clop ransomware syndicate emerged as the kingpin, seizing the reins through a zero-day flaw in a widely used MOVEit application.

The stakes have never been higher for U.S. enterprises, which topped the global list with 115 ransomware showdowns in a year, outpacing Germany, Brazil, and China. The fallout has been brutal—increased shutdowns, data thefts, and smeared reputations.

Despite the consensus on segmentation’s role in the zero trust doctrine, businesses are struggling to cut their networks into safer slices. It’s not for want of ambition—nearly nine in ten yearn to achieve microsegmentation’s promised land, where every byte of data is sealed off in its protective bubble.

The hurdles? A skills shortage, bottlenecked performance, and red tape. Yet, the tides are turning slowly, with segmentation steadily gaining ground within vital business precincts.

Fernando Montenegro of Omdia paints network segmentation as the heartbeat of zero trust security, where trust is not granted by default, but earned by verification. He cautions, however, that against the intricate ransomware campaigns that hijack internal systems and user privileges, segmentation might have its limits—but it’s far from powerless.

For businesses aiming to fortify their digital realms, Montenegro suggests a deep dive into the company’s vital operations and data treasures, pivoting the strategy from simple segmentation to robust, data-centric access control, crafting a fortress that’s as resilient as it is responsive