As work styles evolve and cloud services become more widespread, traditional perimeter-based security measures are becoming increasingly difficult to implement. In this context, the "Zero Trust Model" is gaining attention as a new approach to security.
In this discussion, NRI Secure’s Shu Yoshida (General Manager), Koji Tashima (SOC Manager), and moderator Mr. Hasegawa will explore security threats and trends in the era of remote work. The conversation will focus particularly on the rise in ransomware attacks and the emerging security model known as "Zero Trust," examining specific countermeasures and future outlooks from the perspective of industry experts.
Note: Glossary of ransomware and Zero Trust terms is provided at the end.
The Relationship Between Remote Work and Ransomware
Changes in Corporate Security Awareness and Measures
Evolving Ransomware Attack Methods and Countermeasures
Shu Yoshida, General Manager, NRI Secure.
Challenges in the Adoption and Implementation of Zero Trust
NRI Secure’s Shu Yoshida (General Manager), Mr. Hasegawa (moderator), Koji Tashima (SOC Manager).
The Importance of Basic Security Measures
NRI Secure’s Shu Yoshida (General Manager) and Koji Tashima (SOC Manager).
Simplified Explanation: Ransomware and Zero Trust
What is Ransomware?
Ransomware is a type of malware that encrypts files stored on a PC or system’s hard drive, essentially holding them "hostage." The attacker demands a ransom (payment) from the victim in exchange for the decryption key. Notable ransomware examples include WannaCry, which caused global damage in 2017, along with other variants like NotPetya and Nemty.
In recent years, Ransomware-as-a-Service (RaaS) has emerged, where components of ransomware can be purchased as a service, making it easier than ever for attackers to obtain these tools.
Blocking ransomware with traditional signature-based antivirus software alone is difficult. To counter it, organizations are encouraged to regularly back up data, apply system patches, strengthen email security, use EDR (Endpoint Detection and Response) solutions, and provide ongoing training for employees.
What is Zero Trust?
The Zero Trust model is a security approach that does not differentiate between internal and external networks. It assumes that no entity—whether inside or outside the network—should be trusted by default, and all access requests must be verified.
As cloud services, mobile devices, and remote work environments grow, the boundaries between internal and external networks are becoming blurred. This makes it harder to protect against threats like data breaches and malware through traditional network security measures. To address risks such as internal data leaks and increasing cloud-based security threats, the Zero Trust model has gained attention.
The concept of Zero Trust was introduced in 2010 by Forrester Research. Historically, security was based on the belief that internal networks were safe while external networks were dangerous, leading to perimeter-based security defenses. In contrast, Zero Trust follows the principle of "Verify and Never Trust."
Source: NRI Secure Security Terminology Guide