Cisco’s Barry Yuan Believes That Companies and Organizations Need To Adopt a ‘Zero Trust’ Approach To Defend Against the Rise In Ransomware Attacks
By Jorge González-García
In a business or personal relationship, you need a lot of trust between the two partners to make things work. To combat the rising tide of ransomware attacks worldwide, you need just the opposite. You need ‘Zero Trust.’ Just ask Barry Yuan, Security Technical Solutions Architect at Cisco.
His company is one of Silicon Valley’s best known tech firms. It provides the networking technology that enables a large part of worldwide computer-based communication. The firm is considered the market leader in routing, switching, wireless communication and security equipment and services. Cisco reported fiscal year 2021 revenue of $49.8 billion.
“What’s happening lately is a ‘Zero Trust’ approach and it’s a fundamental change,” Yuan says. “In the past, we basically held a stick at the door to guard our assets, firewall and what not, because we had a very clear perimeter. But now that’s gone because a lot of organizations are adopting cloud networks and remote work.”
“’Zero Trust’ changes the whole thing,” he adds. “It means that trust has to be earned on a transaction basis. Each user needs to prove who they are, and then they’re granted access to the applications they’re entitled to use. With ‘Zero Trust,’ we’re able to support all kind of user scenarios, including cloud, mobile and hybrid environments.”
Yuan spoke at the January 2022 Information Security Symposium hosted by NSF-ISR, a global management systems certification organization based in Ann Arbor. The theme of the symposium was the importance of creating a culture of security compliance within businesses and organizations to protect against cyber threats.
Yuan described the tough ransomware landscape he sees every day. “2021 was another disruptive year. The total cost of ransomware last year was $20 billion dollars. On average, it cost each victim two million dollars to recover from an attack. The average ransom demand is now $220,000, up 40 times in four years.”
“There were healthcare companies, government entities, businesses, even a cyber insurance company. In 2021 we also had the largest ransomware demand, $50 million from Acer. And there was Colonial Pipeline, which was forced to shut down, causing a severe gas shortage in the East.”
Yuan poses a critical question: “What have we learned from all these incidents?’ A lot of businesses didn’t realize how critical their systems, computers, data and infrastructure were. Because it’s like tap water, right? You turn it on and water always comes out. You tend to take it all for granted. Until you get locked out.”
That’s where ‘Zero Trust’ comes in. “One example that’s part of the “Zero Trust” approach is multifactor authentication,” Yuan says. “It’s very effective against ransomware, especially stolen credentials. So we add another factor, something you know, like your password.”
“We ask what you own or where you are. It could be a one-time password or something like your fingerprint or your facial ID. The attackers won’t know and they won’t have them, so we can block them. And security administrators will be alerted on these failed attempts.”
In Barry Yuan’s world, ‘Zero Trust’ is a game changer against ransomware attacks. Words of wisdom from the Security Technical Solutions Architect at powerhouse firm Cisco. For information security professionals guarding their network and cloud infrastructure. And who would rather not be the ones advising their corporate board of a new ransomware demand.
© Copyright, Jorge González-García, October 2023