As work styles evolve and cloud services become more widespread, traditional perimeter-based security measures are becoming increasingly difficult to implement. In this context, the "Zero Trust Model" is gaining attention as a new approach to security.
In this discussion, NRI Secure’s Shu Yoshida (General Manager), Koji Tashima (SOC Manager), and moderator Mr. Hasegawa will explore security threats and trends in the era of remote work. The conversation will focus particularly on the rise in ransomware attacks and the emerging security model known as "Zero Trust," examining specific countermeasures and future outlooks from the perspective of industry experts.
Note: Glossary of ransomware and Zero Trust terms is provided at the end.
Shu Yoshida, General Manager, NRI Secure.
NRI Secure’s Shu Yoshida (General Manager), Mr. Hasegawa (moderator), Koji Tashima (SOC Manager).
NRI Secure’s Shu Yoshida (General Manager) and Koji Tashima (SOC Manager).
Ransomware is a type of malware that encrypts files stored on a PC or system’s hard drive, essentially holding them "hostage." The attacker demands a ransom (payment) from the victim in exchange for the decryption key. Notable ransomware examples include WannaCry, which caused global damage in 2017, along with other variants like NotPetya and Nemty.
In recent years, Ransomware-as-a-Service (RaaS) has emerged, where components of ransomware can be purchased as a service, making it easier than ever for attackers to obtain these tools.
Blocking ransomware with traditional signature-based antivirus software alone is difficult. To counter it, organizations are encouraged to regularly back up data, apply system patches, strengthen email security, use EDR (Endpoint Detection and Response) solutions, and provide ongoing training for employees.
The Zero Trust model is a security approach that does not differentiate between internal and external networks. It assumes that no entity—whether inside or outside the network—should be trusted by default, and all access requests must be verified.
As cloud services, mobile devices, and remote work environments grow, the boundaries between internal and external networks are becoming blurred. This makes it harder to protect against threats like data breaches and malware through traditional network security measures. To address risks such as internal data leaks and increasing cloud-based security threats, the Zero Trust model has gained attention.
The concept of Zero Trust was introduced in 2010 by Forrester Research. Historically, security was based on the belief that internal networks were safe while external networks were dangerous, leading to perimeter-based security defenses. In contrast, Zero Trust follows the principle of "Verify and Never Trust."
Source: NRI Secure Security Terminology Guide