A Zero Trust Approach to Information Security

By Christopher Frenz

With the worldwide WannaCry and NotPetya outbreaks devastating companies around the globe, ransomware was a prominent headline in 2017. Companies recovering from these and other ransomware attacks are estimated to have incurred $5 billion in damages that year.

One of the hardest hit industries was healthcare, as readily demonstrated by the UK's National Health Service, Erie County Medical Center, and other hospitals that fell victim to various types of ransomware. WannaCry in particular exposed just how devastating a ransomware attack can be for the healthcare industry: it not only hit systems that store patient data, it also encrypted Windows-based medical devices. WannaCry concretely demonstrated that vulnerabilities in medical devices have the potential to impact patient care and patient safety. This attack established a wholly new and wholly unacceptable meaning for the term denial of service.

Comprehensive guidance for preventing, mitigating, responding to, and recovering from ransomware attacks can be found in the OWASP Anti-Ransomware Guide, and security guidance for protecting medical device deployments can be found in the OWASP Secure Medical Device Deployment Standard. One particularly effective control present in both guidance sets is network segmentation. A worm such as WannaCry spreads by scanning every host it can reach for an exposed service (in WannaCry's case SMB on TCP port 445); on a segmented network with default-deny boundaries those scans are dropped unless a rule explicitly allows that traffic, so a compromise is confined to the segment in which it started instead of spreading throughout the organization.
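The following is an added example, not code from the OWASP guides or from the author of this post. It models a small hospital network with hypothetical host names and allowlists, and simulates an SMB worm under three policies: a flat network, VLAN-style segmentation (free inside a segment, allowlist between segments), and a zero trust policy where every flow needs a per-host rule and segment membership grants nothing. All hosts are assumed unpatched, and the DICOM port (104) and the rule set are assumptions chosen for illustration.

```python
"""Blast-radius simulation for an SMB worm under three network policies.

Added example; hosts, segments and rules are constructed for illustration.
"""
from collections import deque

SMB_PORT = 445

# Constructed inventory (hypothetical names): host -> network segment
HOSTS = {
    "ws-01": "workstations",
    "ws-02": "workstations",
    "ws-03": "workstations",
    "fs-01": "file-servers",
    "ehr-app": "ehr",
    "mri-01": "medical-devices",
    "pump-01": "medical-devices",
}

# Constructed allowlist for the segmented network: (src segment, dst segment, dst port).
# Anything not listed is dropped at the segment boundary (default deny).
SEGMENT_RULES = {
    ("workstations", "file-servers", SMB_PORT),  # users map the file share
    ("workstations", "ehr", 443),                # EHR web front end
    ("ehr", "medical-devices", 104),             # DICOM (assumed port)
}

# Constructed allowlist for the zero trust network: (src host, dst host, dst port).
# Location implies nothing, so even two workstations in one VLAN need a rule to talk.
HOST_RULES = {
    ("ws-01", "fs-01", SMB_PORT),
    ("ws-02", "fs-01", SMB_PORT),
    ("ws-03", "fs-01", SMB_PORT),
    ("ws-01", "ehr-app", 443),
    ("ws-02", "ehr-app", 443),
    ("ws-03", "ehr-app", 443),
    ("ehr-app", "mri-01", 104),
}


def flat_allows(src, dst, port):
    """Flat network: any host can reach any port on any other host."""
    return src != dst


def segmented_allows(src, dst, port):
    """VLAN-style segmentation: unrestricted inside a segment, allowlist between segments."""
    if src == dst:
        return False
    src_seg, dst_seg = HOSTS[src], HOSTS[dst]
    if src_seg == dst_seg:
        return True
    return (src_seg, dst_seg, port) in SEGMENT_RULES


def zero_trust_allows(src, dst, port):
    """Zero trust: per-host allowlist only; being in the same segment grants nothing."""
    return src != dst and (src, dst, port) in HOST_RULES


def simulate_worm(patient_zero, allows, port=SMB_PORT):
    """Breadth-first spread: each infected host scans every host it can reach on `port`.

    Every host is assumed to be vulnerable (worst case, as with unpatched MS17-010).
    Returns the set of infected hosts, including patient zero.
    """
    infected = {patient_zero}
    queue = deque([patient_zero])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst not in infected and allows(src, dst, port):
                infected.add(dst)
                queue.append(dst)
    return infected


def blast_radius(patient_zero="ws-01"):
    """Number of hosts the worm reaches from `patient_zero` under each policy."""
    return {
        "flat": len(simulate_worm(patient_zero, flat_allows)),
        "segmented": len(simulate_worm(patient_zero, segmented_allows)),
        "zero_trust": len(simulate_worm(patient_zero, zero_trust_allows)),
    }


if __name__ == "__main__":
    for policy, count in blast_radius().items():
        print(f"{policy:>10}: {count} of {len(HOSTS)} hosts infected")
```

Starting from one infected workstation, the flat network loses all seven hosts, segmentation holds the worm to the workstation VLAN plus the file server it is allowed to reach, and the zero trust policy limits it to the file server alone; the medical devices are never touched under either restrictive policy. Note that the file server is hit in every model because the business needs SMB to it, so segmentation reduces exposure but does not replace patching (WannaCry exploited MS17-010) or disabling SMBv1 on the hosts that must stay reachable.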

Join me on Wednesday 26 September at GSX 2018 for Session 6133, A Zero Trust Approach to Information Security, to see how network segmentation can be taken to the next level and a zero trust network created to stop the spread of malware and other threats throughout any organization.