How zero trust security architecture arms SMBs against ransomware attacks

Professional woman casually working from home on a laptop protected against ransomware attacks by zero trust security architecture

Ransomware is anything but a new phenomenon, having “reared its ugly head” in 1989—and it’s not going away any time soon. In fact, during the first half of 2022 alone, there have been as many as 236.1 million ransomware attacks globally. Cyber attacks come at a very high price—the average ransomware payment in Q2 2022 was $228,125, not including the cost to repair damage from loss of business or reputation. With ransomware attacks becoming ever more sophisticated and quicker to infiltrate its target—in as little as 45 minutes—ransomware is a formidable, and growing, threat. But what exactly is ransomware, and how can it be prevented?

Ransomware Defined

The website defines ransomware as: “… a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”

Case in point: In July 2022, Kaseya, an information technology management software provider, was attacked by REvil, a cybercrime organization linked to the Russian government. Kaseya customers reported ransomware attacks being executed on endpoints of its software package. Yet despite attempts by Kaseya to prevent the spread of any malware, the damage was devastating. The Washington Examiner reported that up to 1,500 businesses were affected by the attack.

Cyber attacks are a growing concern among businesses—the numbers bear it out. According to IDG, 67% of IT leaders at SMBs reported that time spent mitigating cyber attacks has increased since the pandemic began. More than two thirds (68%) say their organizations are highly concerned about the possibility of a data breach.

Eight in ten (82%) consider it challenging to avoid cyber attacks with current technology; 52% consider it highly challenging. A majority (88%) consider it highly valuable to require agents to reauthenticate before modifying or creating potentially sensitive automated tasks in their IT support tools.

An Industry First: Zero Trust Applied to RMM

Fortunately, there is good news on the cyber security front. GoTo Resolve, a leading software provider of SaaS and cloud-based remote work tools now arms SMBs with zero trust security architecture for remote IT software—giving the businesses more than a fighting chance when deploying RMM (remote monitoring and management). That’s especially critical when you consider that remote access and execution—or IT automation—are high-value targets for malicious actors.

GoTo Resolve’s zero trust security architecture deploys a strict security protocol that takes a “trust no one, verify everyone” approach within software or an IT environment. It goes well beyond traditional cyber security, which allows unlimited access within the trust zone; once inside, a malicious actor can wreak havoc.

Zero trust security goes by the assumption that there are multiple entry points into a piece of software or an IT infrastructure—not just a traditional user login, but potentially through software backdoors, APIs (Application Program Interfaces) and more. As such, any sensitive actions or information should invoke an additional verification point. The result: each endpoint is protected by having to reauthenticate before each and every automated task is performed. More specifically:

  • The applet on a remote device accepts commands from authorized agents only.
  • Agents must create and use a unique signature key to reauthenticate sensitive tasks.
  • This key is only known to the agent, not to the software provider, and cannot be compromised online.
  • Even if a malicious actor hacks into the backend or phishes login credentials, the attacker cannot change or create new automations for endpoints without the signature key.
  • Endpoints obey only their signed commands.

The Answer to the Cyber Attack Challenge

Today, businesses are fully adopting to remote and hybrid work. IT teams must secure a highly fluid workforce. With endpoints everywhere and on different networks, traditional, on-premises security measures no longer offer the best protection. Now more than ever, it’s critical that SMBs protect their devices against ransomware attacks with the industry’s first-of-its-kind, zero trust remote access software.Get GoTo Resolve, free.