Zero Trust Can Put an End to Cybercrime’s Get-Rich-Quick Schemes
The reality is that sometimes crime pays — according to my teenage son, that is.
Last year, my 18-year-old informed me that he didn’t need to go to college to get rich. Curious and a little concerned, I asked why. His answer? Ransomware-as-a-service (RaaS).
He’d been reading about it online and was fascinated by the large sums of money ransomware victims pay to threat actors. This life of crime is what he considered easy money.
Ransomware: The cybercriminal’s get-rich-quick scheme
As he explained, RaaS sites on the dark web function just like the websites you and I use to purchase software every day. They even have help desks to guide beginners. And you don’t need to know how to code!
His conclusion was that it didn’t take much to get rich quick with a bit of cybercrime. Luckily, teenagers aren’t famous for rationally thinking through the consequences of their choices. And they tend to have short attention spans. I'm relieved to say that my son is now in college and (hopefully) not planning on a life of crime.
But our discussion brought up an important fact. Ransomware is a booming business. Anyone — from nation-state espionage groups and seasoned hackers to curious amateurs — can get in on the action. Ransomware tools are cheap, effective, and incredibly accessible, lowering the barrier to entry for cybercriminals everywhere.
For businesses, this reality makes one thing clear. It’s not a matter of if a breach will happen but when.
All cyber threats share one thing in common
Every threat actor is different. But every threat shares one thing in common: They want to move.
The first workload a threat lands on after breaching the network is rarely its first target. It’s just a foot in the door. It will quickly try to spread laterally to neighboring workloads towards its intended target.
The most common way it spreads? Open ports across segments.
Attackers take advantage of the various ports that operating systems keep open by default. Not all of these ports need to stay open across all segments.
For example, all Windows workloads have RDP and SMB ports open by default. Threat actors know this. They’ll spread across your network using this three-step process:
- Land on a Windows workload and quickly discover open ports.
- Establish connections with neighboring workloads.
- Deliver the payload across these segments.
Zero Trust: Ensuring cybercrime doesn’t pay
Without proper security, modern workloads are like a city full of houses with unlocked doors. Expect to find cybercriminals wandering the streets and testing your doorknobs for their next attack.
The good news? With a Zero Trust strategy, you can make sure that, even when a breach does happen, cybercriminals won’t walk away rich.
Zero Trust flips the script on cybercrime. It’s not just about keeping bad actors out. It’s about limiting what they can do if they get in.
Zero Trust is grounded in the mantra of “never trust, always verify,” which builds least-privilege access throughout your network. Instead of leaving doors open for attackers to wander through, Zero Trust locks them down. Threats get contained and can’t spread across your network.
A Zero Trust architecture means you can block the methods all ransomware uses to spread without creating an overly complex infrastructure.
If a threat tries to use open ports to move, a Zero Trust architecture will stop it from spreading. This holds whether the threat comes from a sophisticated GenAI attack or a simple RaaS purchase on the dark web.
With Zero Trust, a threat’s attempts to move stop immediately, limiting the damage a breach can do to your network.
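The default-deny behaviour described above, as an added example that is not from the original article or from any vendor's product: connection attempts are checked against an explicit segment-to-segment allowlist, and denied RDP/SMB attempts are reported. Workload names, segment labels, rules and flows are constructed assumptions; 445 and 3389 are the standard SMB and RDP ports.

```python
from collections import namedtuple

# Well-known ports for the two services the article names.
LATERAL_PORTS = {445: "SMB", 3389: "RDP"}

Flow = namedtuple("Flow", "src dst port")
Rule = namedtuple("Rule", "src_seg dst_seg port")

# Constructed inventory: workload name -> segment label (hypothetical names).
SEGMENTS = {
    "web-01": "web", "web-02": "web",
    "app-01": "app", "db-01": "db",
    "jump-01": "admin", "fs-01": "files",
}

# Constructed allowlist: the only traffic the business actually needs.
ALLOW = [
    Rule("web", "app", 8443),
    Rule("app", "db", 5432),
    Rule("admin", "app", 3389),   # RDP only from the jump host segment
    Rule("app", "files", 445),    # SMB only from app tier to the file server
]

# Constructed connection attempts, e.g. taken from flow logs.
FLOWS = [
    Flow("web-01", "app-01", 8443),
    Flow("web-01", "web-02", 445),    # same segment, still not allowlisted
    Flow("web-01", "db-01", 3389),
    Flow("jump-01", "app-01", 3389),
    Flow("app-01", "fs-01", 445),
    Flow("app-01", "db-01", 445),
]

def decide(flow, rules=ALLOW, segments=SEGMENTS):
    """Default deny: allow only on an explicit rule match; unknown hosts are denied."""
    src, dst = segments.get(flow.src), segments.get(flow.dst)
    if src is None or dst is None:
        return "deny"
    return "allow" if Rule(src, dst, flow.port) in rules else "deny"

def blocked_lateral(flows, rules=ALLOW, segments=SEGMENTS):
    """Denied RDP/SMB attempts: movement an open, flat network would have permitted."""
    return [(f.src, f.dst, LATERAL_PORTS[f.port]) for f in flows
            if f.port in LATERAL_PORTS and decide(f, rules, segments) == "deny"]

if __name__ == "__main__":
    for f in FLOWS:
        print(f"{f.src:8} -> {f.dst:8} tcp/{f.port:<5} {decide(f)}")
    print("blocked lateral attempts:", blocked_lateral(FLOWS))
```

Note that the same-segment SMB attempt between the two web workloads is denied as well: the allowlist applies per workload pair, not only at segment boundaries.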
Keep cybercriminals broke with Zero Trust security
Looking back, my son’s get-rich-quick ransomware scheme was a good reminder of how easy it’s become to get into cybercrime. The tools are accessible, the stakes are high, and for many threat actors, there’s still a lot of money to be made.
But with Zero Trust, we have the power to rewrite that narrative. Zero Trust ensures attackers won’t get far, even when they find their way inside the network.
So, while my son has moved on from his aspirations of a life of cybercrime, the lesson remains. Cybercrime may be easier than ever, but with Zero Trust, you can make sure your organization doesn’t become someone’s next payday.
Christer Swartz
Director of Industry Solutions