Organizations turn to zero trust, network segmentation as ransomware attacks double

The number of ransomware attacks (successful and unsuccessful) has doubled over the past two years. The average number of attacks per country among surveyed organizations rose from an average of 43 in 2021 to 86 in 2023. Organizations have responded by implementing zero trust and network segmentation strategies. That’s according to the State of Segmentation 2023 report by security firm Akamai. The vendor surveyed 1,200 IT and security decision-makers in ten countries to measure the progress organizations have made in securing their environments.

The research found that almost all (93%) respondents consider segmentation – broadly recognized as an important element of zero-trust frameworks – critical to thwarting ransomware attacks. However, deployment appears to be slow, with only 30% of organizations segmenting across more than two business critical areas in 2023.

Separate research from NCC Group published in August discovered that the number of ransomware attacks in July rose over 150% compared to last year with the actors behind the Clop ransomware responsible for over a third of them. The gang took the lead from LockBit as the top ransomware threat actor after exploiting a zero-day vulnerability in a managed file transfer (MFT) application called MOVEit in June.

Ransomware attacks continue to rise, as does their impact

The report indicated that, as ransomware attacks continue to rise, so does their impact on organizations. The greatest rise in ransomware attacks was measured between Q1 2022 and Q1 2023, according to data collected from the leak sites of approximately 90 different ransomware groups, the report read.

US companies faced the greatest number of ransomware threats with respondents reporting an average of 115 ransomware attacks over the past 12 months, the most of any individual country measured by Akamai. The US happens to be among the two countries least likely to have implemented segmentation across more than two mission-critical business areas, the report stated. The US was followed by Germany (110), Brazil (89), and China (83) as the most frequently targeted by ransomware.

Ransomware attacks also appear to be more impactful compared to two years ago, the report indicated. Respondents cited increases in network downtime (44% vs 42%), data loss (42% vs 36%), and reputational damage (39% vs 33%) following attacks.

Segmentation a key element of zero-trust security but adoption is slow

Akamai’s report indicated that segmentation is broadly recognized as an important part of zero trust security strategies. When asked why their organization began a segmentation project, the third-most common answer given by respondents was to advance zero trust.

Globally, most respondents aspire to go further and implement microsegmentation, which protects application workloads at a granular level – 89% said microsegmentation is at least a high priority, with 34% naming it as their top priority.

However, segmentation deployment has been slow in a lot of businesses, the report found. Less than a third of organizations have segmented across more than two critical business areas such as critical applications, endpoints, and business-critical assets/data in 2023, despite 44% having started a network segmentation project two or more years ago. A lack of skills/expertise for segmentation (39%), increased performance bottlenecks (39%), and compliance requirements (38%) were cited as the obstacles most often encountered when segmenting networks. On a more positive note, segmentation rates are gradually increasing overall. The percentage of organizations with segmented business-critical applications/data and segmented servers rose 12% and 8%, respectively, from 2021 to 2023.

Network segmentation ultimately the essence of zero-trust enforcement

Network segmentation is ultimately the essence of zero trust enforcement – the only connections that exist are those that are “allowed” – everything else is denied, Fernando Montenegro, senior principal analyst at Omdia, tells CSO. “Note that this is conceptual: The in-the-wire reality is a lot more complex, but network segmentation is a key part.” Segmentation (and zero trust generally) is an effective approach against ransomware threats, at least to some extent, he adds. “The key issue is that ransomware is really a complex, multi-stage extortion campaign against a target company, and determined attackers will often look to subvert internal systems via stealing user accounts and elevating privileges. In that scenario, network segmentation may offer less value (note that I did not say no value) since the user traffic will likely be allowed.”

For organizations looking to implement effective segmentation/micro-segmentation, Montenegro recommends having a keen understanding of the key organizational processes and data assets, and starting a segmentation process that considers all the ways those key assets need to be protected. “So, rather than start with a mindset of “How do I segment my networks?” it’s more of “How do I control access to my critical data?” which then translates into a broader network architecture.”