Ransomware attacks drive Zero Trust security adoption — Sophos

Organizations that had experienced a ransomware attack in the previous year, defined as multiple devices being impacted but not necessarily encrypted, reported considerably higher levels of awareness of the Zero-Trust approach. This is one of the key findings of the latest study from cybersecurity solutions firm Sophos.

The survey was conducted by research house Vanson Bourne on behalf of Sophos in 2021 and involved 5,400 IT professionals in organizations with between 100 and 5,000 employees.

IT professionals in organizations that had been hit by ransomware in the previous year are almost 50% more likely to be “very familiar” with the ZTNA approach than those whose organizations hadn’t experienced an incident (59% vs 39%). It rises to 71% among those whose organizations had been hit and paid the ransom, according to Sophos.

Sophos launches new solution to strengthen connectivity at access layer
Sophos extends adaptive cybersecurity ecosystem with Zero Trust Network Access

The survey also found one quarter (25%) of those whose organizations experienced a ransomware attack in the previous year have already fully adopted a Zero-Trust approach, rising to 40% of those whose organizations were hit and paid the ransom. In comparison, just one-sixth (17%) of those that hadn’t experienced an attack had already fully migrated to this approach.


ZTNA demands verification of every endpoint, server, and user before granting access to an application or any part of the network. As adversaries grow ever more skilled in exploiting remote tools and credentials and turning a target’s security policies against them, a defense-in-depth approach to security based on the concept of “trust nothing, verify everything” is becoming the benchmark for protection.

The rapid increase in remote working over the last two years has hugely increased the opportunity for attackers to exploit vulnerable VPN clients to get a foothold in an organization. Once inside, they are often free to move laterally throughout the network, escalating privileges and progressing the attack.

By eliminating vulnerable VPN client software, granularly controlling access based on device health and identity, and micro-segmenting applications, ZTNA stops attackers from breaching the organization and moving around it, even if they obtain legitimate credentials.


The Sophos survey saw the pandemic was more likely to impact the Zero-Trust adoption plans of ransomware victims positively. Half (50%) of ransomware victims and 36% of non-victims reported that the pandemic enabled them to move budget to adopt a Zero-Trust approach. At the same time, many said that it helped them to divert people and/or money from other activities to Zero Trust.

The respondents differ on their reasons for adopting a Zero-Trust approach. Many of them want to improve our overall cybersecurity posture while the others (43%) want to simplify the security operations. Ransomware victims are also heavily motivated by “supporting our move to increased use of the cloud” (42%). It dropped to 30% amongst those that hadn’t experienced a recent attack.

Ransomware victims were also much more likely to say that “to move from a CAPEX to an OPEX model” was one of the main factors behind their Zero-Trust approach adoption (27% vs 16%, and rising to 34% among those that had been hit by ransomware and paid the ransom)

Sophos recently launched Zero Trust Network Access (ZTNA), which provides a much more secure and easy-to-manage remote access solution that delivers end-users a transparent, frictionless experience.

Categories: Uncategorized

Tagged as: , , , , ,