The recent Kaseya ransomware attack is yet another reminder of the ferocity of the war cybercriminals are waging on the business world. In 2020, scan-and-exploit became the top initial attack vector for surveyed organizations, surpassing phishing, according to the 2021 IBM X-Force Threat Intelligence Index. The report also notes that manufacturing was the second-most attacked industry in 2020, up from eighth place the year before and second only to financial services.

What’s behind these attacks?

Companies have invested a great deal in building castle-and-moat protections against external threats, focusing on protecting the DMZ or perimeter zone. In a world of known threats and less sophisticated techniques, this protection model worked reasonably well. But times have changed. 

Cybercriminals can be well resourced and tenacious, and even backed by nation-states. They can leverage ever more sophisticated tools, such as Ransomware-as-a-Service, and are incentivized by cryptocurrencies, with their strong liquidity and poor traceability. As a result, they are well positioned in the arms race against traditional perimeter defenses. Clearly, it is time to consider a zero trust approach to help protect your most valuable resource: your data.

The rise of zero trust 

The problem with the castle-and-moat model is its primary focus on external defenses. Once inside, cybercriminals can generally move around without much impediment and wreak havoc. This has led to a broadening of the security perspective to encompass internal security, in what is termed the zero trust model.

The Biden administration in the United States recently issued an Executive Order calling for advancement towards a zero trust model within the federal government and among federal contractors. Subsequently, in response to multiple high-profile ransomware attacks, the White House also issued a memo to business executives urging them to protect against the threat of ransomware. According to the National Institute of Standards and Technology (NIST), zero trust is an “evolving set” of concepts that “move defenses from static, network-based perimeters” to the users, assets and resources themselves.

When a cybercriminal or criminal organization has breached the perimeter and gained access to your environment, they will typically start with a stealthy scan to build a map of your network. They will enumerate the server they have landed on for every credential it holds and then try those credentials against your other servers to move laterally. Most breaches move from computer to computer over standard protocols such as SSH, FTP, SFTP, HTTP and HTTPS. This means you need a strategy for restricting that spread within your organization.
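The credential-reuse pattern described above leaves a trace that is easy to spot once login records from several servers are collected in one place: one source address authenticating to many distinct hosts, often under several different accounts, within a few minutes. The following Python is an added example (not IBM code or part of the original article) that runs that check over a handful of constructed sshd log lines; the host names, addresses and accounts are invented for the illustration, and the ten-minute window and three-host threshold are assumptions you would tune to your own environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines gathered from several hosts (sample data, not a
# real incident). The compromised host 10.0.5.20 fans out to four servers
# with three different harvested accounts in under four minutes; 10.0.9.7 is
# an ordinary jump host touching two servers forty minutes apart.
SAMPLE_LOG = """\
Jul  6 09:58:11 srv-db01 sshd[2201]: Accepted password for svc_backup from 10.0.9.7 port 40112 ssh2
Jul  6 10:01:02 srv-db01 sshd[2240]: Accepted password for svc_backup from 10.0.5.20 port 51234 ssh2
Jul  6 10:01:45 srv-file02 sshd[871]: Accepted publickey for deploy from 10.0.5.20 port 51240 ssh2
Jul  6 10:02:30 srv-erp03 sshd[5120]: Failed password for admin from 10.0.5.20 port 51251 ssh2
Jul  6 10:02:33 srv-erp03 sshd[5121]: Accepted password for admin from 10.0.5.20 port 51252 ssh2
Jul  6 10:04:10 srv-app05 sshd[1330]: Accepted password for svc_backup from 10.0.5.20 port 51260 ssh2
Jul  6 10:40:19 srv-file02 sshd[902]: Accepted password for svc_backup from 10.0.9.7 port 40300 ssh2
"""

# Matches only successful logins; failed attempts are left to a separate rule.
ACCEPTED_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_accepted(line, year):
    """Return a dict for a successful sshd login, or None for any other line.

    Classic syslog timestamps carry no year, so the caller supplies it (a real
    pipeline would take it from the collector or use RFC 5424 timestamps).
    """
    m = ACCEPTED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": m["user"], "src": m["src"]}


def find_fan_out(lines, window=timedelta(minutes=10), min_targets=3, year=2021):
    """Flag source addresses that log into >= min_targets distinct hosts within `window`."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_accepted(line, year)
        if ev:
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        # Slide a window anchored at each login; report the first window that
        # reaches the threshold, with every host and account touched inside it.
        for i, start in enumerate(events):
            in_window = [e for e in events[i:] if e["ts"] - start["ts"] <= window]
            targets = {e["host"] for e in in_window}
            if len(targets) >= min_targets:
                findings[src] = {
                    "targets": targets,
                    "users": {e["user"] for e in in_window},
                    "first": start["ts"],
                    "last": in_window[-1]["ts"],
                }
                break
    return findings


if __name__ == "__main__":
    for src, f in find_fan_out(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {len(f['targets'])} hosts, {len(f['users'])} accounts "
              f"between {f['first']:%H:%M:%S} and {f['last']:%H:%M:%S}: "
              f"{sorted(f['targets'])}")
```

On the constructed data only 10.0.5.20 is reported: four servers and three accounts between 10:01:02 and 10:04:10. The jump host 10.0.9.7 is not, even with the threshold lowered to two hosts, because its two logins fall outside any single window. The same fan-out logic applies to Windows logon events or application-level authentication logs once they are normalized to the same (time, source, destination, account) shape.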

Zero trust to protect your file transfers 

At IBM, our Sterling Secure File Transfer (SFT) solution is designed to align with a zero trust approach and to harden servers so that ransomware or malware has fewer opportunities to travel laterally. The aim is to protect the inside of the castle, the internal network behind the DMZ, to help safeguard internal intellectual property and assets. A zero trust approach requires securing and regulating movement between internal computers and servers, and we begin by removing untrusted protocols.

Our SFT solution includes IBM Sterling Connect:Direct, which uses its own security-hardened protocol rather than the general-purpose protocols listed above. Malware that reaches out internally over those protocols does not know how to ‘talk’ to Connect:Direct and gets nowhere. Connect:Direct can also check the IP address of the server requesting a session against an internal list of trusted servers, which can be updated as the environment changes; if the address is not on that list, the receiving server automatically drops the session.

In addition to these two internal security checkpoints, Connect:Direct can enforce further checks that help prevent malware from spreading to another server. The malware would also need the correct credentials, and the credential requirements can be strengthened for high-value servers; on top of that, only files with specified names may be transferred.
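The two paragraphs above describe a layered, deny-by-default admission decision: trusted peer, trusted source address, valid credential, permitted file name. The Python below is an added example written for this article, not Connect:Direct's own code or its netmap format, showing how such layers compose so that a request must clear every one of them, and how each refusal names the layer that stopped it. The peer names, networks, shared secrets, salts and file patterns are all constructed for the illustration. One caveat the example makes visible: an address list alone is only as trustworthy as the hosts on it, so malware running on an already-trusted server passes the first two layers and is stopped only by the credential and file-name checks.

```python
import fnmatch
import hashlib
import hmac
import ipaddress

# Constructed, illustrative policy for one receiving node. It mimics the
# layers described in the text (trusted-peer address list, credentials,
# permitted file names); it is NOT Connect:Direct's real netmap format.
PBKDF2_ITERATIONS = 100_000


def hash_secret(secret, salt):
    """Derive a verifier from a shared secret (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)


# Fixed salts keep the example reproducible; a real deployment draws them
# from os.urandom() and never stores the plaintext secret at all.
_ERP_SALT = b"erp-node-salt-01"
_PAY_SALT = b"payroll-node-salt"

POLICY = {
    "peers": {
        "erp-node": {
            "networks": [ipaddress.ip_network("10.0.20.0/24")],
            "salt": _ERP_SALT,
            "verifier": hash_secret("erp-shared-secret", _ERP_SALT),
            "allowed_files": ["inv_*.csv"],
        },
        "payroll-node": {
            "networks": [ipaddress.ip_network("10.0.30.15/32")],
            "salt": _PAY_SALT,
            "verifier": hash_secret("payroll-shared-secret", _PAY_SALT),
            "allowed_files": ["pay_????.dat"],
        },
    }
}


def evaluate_transfer(peer_name, src_ip, secret, filename, policy=POLICY):
    """Deny-by-default admission check.

    Returns (allowed, reason). Each layer must pass before the next is even
    consulted, so the reason always names the first layer that refused.
    """
    peer = policy["peers"].get(peer_name)
    if peer is None:
        return False, "peer not in trusted list"

    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in peer["networks"]):
        return False, "source address not trusted for this peer"

    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(hash_secret(secret, peer["salt"]), peer["verifier"]):
        return False, "credential rejected"

    # Only bare file names matching the peer's patterns may be transferred;
    # path separators are refused outright so a name cannot escape the drop area.
    if "/" in filename or "\\" in filename:
        return False, "path separators not permitted in file name"
    if not any(fnmatch.fnmatchcase(filename, pat) for pat in peer["allowed_files"]):
        return False, "file name not permitted for this peer"

    return True, "transfer permitted"


if __name__ == "__main__":
    # Legitimate transfer, then malware on an untrusted host, then malware on a
    # trusted host that has stolen the peer's credential but pushes the wrong file.
    for req in [
        ("erp-node", "10.0.20.17", "erp-shared-secret", "inv_2021q2.csv"),
        ("erp-node", "10.0.99.8", "erp-shared-secret", "inv_2021q2.csv"),
        ("erp-node", "10.0.20.17", "erp-shared-secret", "payload.exe"),
    ]:
        print(req[0], req[1], req[3], "->", evaluate_transfer(*req))
```

The third request in the demo is the one that matters for lateral movement: it arrives from an address on the trusted list with a valid credential, and only the file-name layer stops it. That is the argument for stacking the checks rather than relying on any single one.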

Each server that uses Connect:Direct thus becomes a checkpoint, and a choke point, for malware. This zero trust approach hardens the infrastructure and provides controls for internal communications that help mitigate the risks associated with traditional protocols such as FTP, SFTP and SSH. SFT can also encrypt data at rest and in transit and supports multifactor authentication, helping you implement a zero trust strategy for your file transfers.

So, if you still rely on a traditional castle-and-moat security model, I urge you to consider implementing or expanding a zero trust strategy to help protect what is most valuable inside your organization. You can start small and add protections over time. The key is to begin now, because the war will continue to escalate.

Watch IBM Secure File Transfer (SFT) in action in this demo
