Can Zero Trust Help Solve Ransomware?
At first glance, zero trust would not appear to address ransomware. Old-school ransomware was delivered as a payload in email or by tricking a user into downloading some malware.
Yet, looks can be deceiving. A solid zero-trust implementation helps with ransomware in four ways: by reducing infection; blocking lateral network movement; blocking exfiltration of stolen data; and alerting to suspicious network activity.
How Does Zero Trust Keep Users From Infections?
Authentication is a critical step, but a full zero-trust architecture also includes posture checking to verify the state of the client, ensuring that software patches and OS updates are applied and that security controls are enabled.
While everyone knows that anti-malware is important, it’s common to see infections when a user turns off anti-malware and forgets or decides not to turn it back on.
Zero trust relies on existing anti-malware tools and ensures the client is protected before giving access. If a teacher, administrator or student disables anti-malware, zero trust will block them from all other applications — a strong incentive to keep protections in place.
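As an added illustration, not code from the original article, the posture gating described above can be expressed as a small policy evaluator: a device that fails any check (anti-malware off, stale signatures, overdue patches, no EDR agent) is restricted to remediation-only applications until it is healthy. The thresholds, application names and device records are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Applications a non-compliant device may still reach, so the user can fix
# the problem. Everything else is blocked until posture is healthy.
REMEDIATION_APPS = {"remediation-portal", "patch-server"}

@dataclass
class DevicePosture:
    device_id: str
    anti_malware_enabled: bool
    signatures_updated: date      # date of last anti-malware signature update
    os_last_patched: date         # date the OS was last patched
    edr_agent_running: bool

@dataclass
class PosturePolicy:              # assumed thresholds, not from the article
    max_signature_age_days: int = 3
    max_patch_age_days: int = 30
    require_edr: bool = True

@dataclass
class Decision:
    access: str                   # "full" or "remediation-only"
    reasons: list = field(default_factory=list)

def evaluate_posture(posture, policy, today):
    """Return an access decision; any failed check restricts the device."""
    reasons = []
    if not posture.anti_malware_enabled:
        reasons.append("anti-malware disabled")
    elif (today - posture.signatures_updated).days > policy.max_signature_age_days:
        reasons.append("anti-malware signatures stale")
    if (today - posture.os_last_patched).days > policy.max_patch_age_days:
        reasons.append("OS patches overdue")
    if policy.require_edr and not posture.edr_agent_running:
        reasons.append("EDR/XDR agent not running")
    return Decision("full" if not reasons else "remediation-only", reasons)

def is_app_allowed(decision, app):
    """Gate each application request on the current posture decision."""
    return decision.access == "full" or app in REMEDIATION_APPS

# Constructed sample posture reports (not real devices).
TODAY = date(2024, 3, 1)
HEALTHY = DevicePosture("lab-laptop-01", True, date(2024, 2, 29), date(2024, 2, 15), True)
AV_OFF = DevicePosture("lab-laptop-02", False, date(2024, 2, 29), date(2024, 2, 15), True)
STALE = DevicePosture("lab-laptop-03", True, date(2024, 2, 20), date(2023, 12, 1), True)
```

Each failed check is recorded as a reason, which is what the console alerting described in the next paragraphs would surface to the IT team.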
A zero-trust implementation also provides K–12 IT teams an opportunity to re-evaluate anti-malware. The next generation of anti-malware tools — extended detection and response, or XDR — builds a strong infrastructure around alerts and information coming from client workstations.
Client tools do more than just identify and stop malware. They also feed information to consoles, which then deliver instructions back to the clients to block network traffic or remediate an infection.
Zero-trust projects require modern and capable client anti-malware tools. A full zero-trust implementation will include assessing both client anti-malware and client management tools for capabilities and compatibility.
How Does Zero Trust Block Lateral Movement And Data Loss?
Ransomware has evolved to not only encrypt but also exfiltrate data, giving the criminals a powerful extortion opportunity.
Zero trust’s inspection and control of network traffic stops ransomware from spreading laterally or shipping sensitive data off-campus. Because zero trust controls what flows over the network, even within the data center, connections to unauthorized servers, suspicious internet sites or unapproved protocols will be blocked or throttled, and admins will be alerted.
For school-owned systems, such as laptops issued for home use, required anti-malware protection can extend the same restrictions to the device.
With the Family Educational Rights and Privacy Act and the Protection of Pupil Rights Amendment mandating student privacy protections, guarding against data breaches is a top priority for K–12 administrators.
In support of academic freedom and exploration, K–12 IT teams have traditionally observed a relaxed policy for outbound connections from internal networks. But zero trust doesn’t work well with this approach, which means that IT teams may have to navigate conflicting requirements between security needs on one side and students and teachers on the other.
Another issue that may rankle students and educators is that zero trust increases monitoring of network activity. Because the internal network, its servers and its users are less trusted than before, zero trust calls for a higher level of monitoring and control, even on wireless networks traditionally open to guests. K–12 IT teams implementing zero trust should make sure that this change in network posture is communicated to all users to eliminate surprises down the line.
Isn’t Zero Trust Too Complicated For K–12 IT Teams?
Zero trust isn’t a single policy or a single architecture with a single set of products. It’s a different approach to building networks and application access.
K–12 teams can re-imagine and secure their networks using zero-trust concepts and ideas from outside education, just as they’ve borrowed from other sectors in the past. K–12 IT should see zero trust as a journey, one they can undertake gradually, at their own pace.
That said, simply adopting a zero-trust attitude for networks and applications will deliver big wins, not only in reducing the risk of ransomware but in overall security for every user.