Is Stopping a Ransomware Attack More Important than Preventing One?

The sophistication and frequency of ransomware attacks is growing. According to Akamai CTO Robert Blumofe, ransomware has become “a repeatable, scalable, money-making business model that has completely changed the cyberattack landscape.” Conti, for example, the cybercrime giant that operates much like the businesses it targets – with an HR department and employee of the month – not only aims to make money but to carry out politically motivated attacks. (Learn more in our Ransomware Threat Report H1 2022.)

And although ransomware is still mostly targeted at large organizations, small to medium sized organizations are increasingly falling victim. Lincoln College in Illinois announced in May that it will close its doors after 157 years, citing a ransomware attack as a contributing cause.

How to avert a ransomware disaster

It makes sound security sense for organizations to put strong measures in place to stop ransomware from gaining access to their IT environments (often referred to as north-south movement). But our increasingly complex traffic flows coupled with distributed workforces have left many security organizations playing catch up and making tough decisions on tradeoffs. In this post-breach world, focusing on implementing microsegmentation to ensure the organization can stop a ransomware attack – rather than trying to prevent one – can be the best way to ensure there are no disasters.

Microsegmentation accomplishes two things organizations desperately need. The first is visibility. Enforcing a zero trust policy – which is the ultimate goal – begins with understanding the assets that are being protected and how they are (and should be) communicating with each other. Microsegmentation helps accomplish this using artificial intelligence (AI) and machine-learning (ML), which classifies traffic flows and labels data. Security teams then write rules with the confidence that those rules will do what’s needed: prevent malicious actions without disrupting the business.

Second, microsegmentation enables granular policies that restrict lateral movement to precisely prohibit malicious behavior without false positives. This is the coup de grace…