April 2022

· 3 min read

Cisco’s Barry Yuan on Adopting a ‘Zero Trust’ Approach

Yuan recommends building a culture of compliance within operations, with a “zero trust” approach as an effective response to ransomware threats.

In a business relationship, you need a lot of trust between the two partners to make things work. To combat the rising tide of ransomware attacks worldwide, you need just the opposite. You need “zero trust.” Just ask Barry Yuan, Security Technical Solutions Architect at Cisco.

His company is one of Silicon Valley’s best-known tech firms, providing the networking technology that enables computer-based communication. The firm is considered the market leader in routing, switching, wireless communication, and security equipment and services. Cisco reported fiscal year 2021 revenue of $49.8 billion.

“What's happening lately is a ‘zero trust’ approach, and it’s a fundamental change,” Yuan says. “In the past, we basically held a stick at the door to guard our assets, firewall and what not, because we had a very clear perimeter. But now that’s gone because a lot of organizations are adopting cloud networks and remote work.

“Zero trust changes the whole thing,” he adds. “It means that trust has to be earned on a transaction basis. Each user needs to prove who they are, and then they’re granted access to the applications they’re entitled to use. With zero trust, we’re able to support all kinds of use cases, including cloud, mobile and hybrid environments.”

Yuan spoke at the recent Information Security Symposium hosted by NSF-ISR, a global management systems certification organization based in Ann Arbor. The theme of the symposium was the importance of creating a culture of security compliance within businesses and organizations to protect against cyber threats.

Yuan describes the tough ransomware landscape he sees every day. “2021 was another disruptive year. The total cost of ransomware last year was $20 billion. On average, it cost each victim $2 million to recover from an attack. The average ransom demand is now $220,000, up 40 times in four years.

“There were health care companies, government entities, businesses, even a cyber insurance company. In 2021, we also had the largest ransomware demand, $50 million from Acer. And there was Colonial Pipeline, which was forced to shut down, causing a severe gas shortage in the East.”

Yuan asks a critical question: “What have we learned from all these incidents? A lot of businesses didn’t realize how critical their systems, computers, data and infrastructure were. Because it’s like tap water, right? You turn it on, and water always comes out. You tend to take it all for granted. Until you get locked out.”

That’s where zero trust comes in. “One example that’s part of the zero trust approach is multifactor authentication,” Yuan says. “It’s very effective against ransomware, especially stolen credentials. So we add another factor, something you know, like your password.

“We ask what you own or where you are. It could be a one-time password or something like your fingerprint or your face ID. The attackers won’t know, and they won’t have them, so we can block them. And the administrators will be alerted on these failed attempts.”

In Barry Yuan’s world, zero trust is a game changer in guarding against increasing ransomware attacks. Pearls of wisdom from a pro at powerhouse tech firm Cisco.

Watch the Full Session From the Information Security Symposium