You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

Lately, I’ve started wondering if the biggest risk concerning cyberattacks is that we’re becoming desensitized to them. After all, businesses experience a ransomware attack every 11 seconds—the majority of which the public never hears about. Faced with this reality, it may seem like your efforts to safeguard the enterprise are futile. But that’s all the more reason to strengthen your resolve—and switch up your cyber defense strategy. The core of this strategy is the concept of “reducing the blast radius” of an attack. Since you can’t completely eliminate cyberattacks, you need to take steps to contain the impact. Let’s review some elements of this strategy, starting with some basic blocking and tackling that you should already be doing (and if you’re not, consider this your wake-up call!). Zero Trust Remote Access With the advent of ubiquitous remote access, every laptop, phone and tablet has become a potential threat vector for malware seeking to access the corporate network. A virtual private network (VPN) can’t address this if a “trusted” device seeking access is infected. You need a Zero Trust approach to remote access. Zero Trust ensures that all access to your corporate systems is tightly controlled according to a “least privilege” principle, replacing implicit trust with verification. In the most robust Zero Trust implementations, access requests are sent to a reverse proxy that applies policy-based security controls before sending a virtualized version of the…