Why CISOs need zero trust as a ransomware shield

This year is on pace to be the second-costliest for ransomware attacks ever, with threat actors relying on new deceptive approaches to social engineering combined with weaponized AI. The recent MGM breach began with attackers studying the social media profiles of help desk employees, then calling the help desk and impersonating them to get privileged access credentials and logins.

Zero trust security needs to be a mindset that pervades everything from consolidating tech stacks to managing identities at scale. CISOs and their teams must start with the assumption that a breach has already happened, and an organization’s network needs to be designed to limit an intrusion’s blast radius and depth.

“Zero trust requires protection everywhere — and that means ensuring some of the biggest vulnerabilities like endpoints and cloud environments are automatically and always protected,” said Kapil Raina, VP of zero trust marketing and evangelist ...