/ Insights / It will happen to you… why Zero Trust MUST be a technology North Star for 2021 Insights It will happen to you… why Zero Trust MUST be a technology North Star for 2021 December 18, 2020 Nathan LasnoskiIn the past month we’ve seen a tremendous increase in companies coming to us having been ransomware victims. This is in addition to the impact of Solar Winds incident and conversations about Nation State activity. These aren’t new problems we’re seeing. It’s the same general vulnerability we’ve been talking about for years, just increased in velocity. In every Ransomware case we see the company had security teams, antivirus, tooling, and funding. They didn’t however take the actions necessary to significantly mitigate Ransomware via actions taken toward Zero Trust. In some cases I’ve had conversations with customers who say, “we can’t do that here”, “we don’t have the budget”, “we have these blockers”. What I can say is that once a company has been a ransomware victim, all those excuses feel hollow. I’ve frequently talked with members of the Concurrency team after a ransomware conversation and said, “if only”. I’m frankly sick of having the “if only” conversation and much more interested in having the proactive conversation to make a difference. I’d rather help now, than help later. Consider these true costs of ransomware.Your insurance is not going to save you. Your business is not going to “just get by” during a ransomware incident. Don’t be THAT leader who is in this position.The most likely bad thingsAs I noted above, the two most likely bad things to happen to you are ransomware and targeted attack. Ransomware is what we’re seeing in companies at a frequent basis. It’s easy to execute and impactful to get money back from you. Don’t forget that the organizations running Ransomware scams are essentially businesses, albeit illegitimate, somewhat like the mob. They have a very organized, very effective scheme to extract money from you and cause enough pain that you’ll pay it. In the cases that the attack moves into the “targeted” territory, it’s likely you won’t even know they are there. They might sit dormant for months gathering information. AFTER they have got what they want, they might even then ransomware you. These are the problems that are causing 99% of the pain.