Project Zero Trust - A Story about a Strategy for Aligning Security and the Business

by: George Finney

Wiley, 2022

ISBN: 9781119884866, 224 pages

Format: ePUB

Copy protection: DRM

Mac OSX, Windows PC for all DRM-capable eReaders, Apple iPad, Android tablet PCs, Apple iPod touch, iPhone and Android smartphones

Price: 18,99 EUR

Chapter 1
The Case for Zero Trust


It was still dark in the room, but Dylan couldn't sleep any longer. He looked at the clock. It was only 4:45—not enough time to go back to sleep but too early to actually get up. Dylan was starting a new job today. Maybe his dream job if things worked out. So what if he was a little anxious? He was also genuinely excited, and he hadn't felt that way about a job in a long time. Or maybe ever. He closed his eyes again hoping for another few minutes of sleep.

Dylan opened his eyes and turned back to the clock. It now read 4:46. He decided to get up instead of waiting for the alarm. His house slippers sat next to his running shoes in front of the nightstand. He slipped on his running shoes. He turned on the lamp and walked to the treadmill sitting on the opposite side of the room. He grabbed his right ankle with his right hand, stretching his quadricep, stretched the other leg, then hopped onto the treadmill.

He heard the warm tone of recognition as the treadmill scanned his face and loaded his profile. His three favorite workouts popped up on the curved LED screen. He tapped the fourth icon at the bottom, and he could see nine livestreams of runners from across the world. He picked the one on a beach in Costa Rica and began running. He could hear a whoop from several other runners following the livestream that he had gone on runs with before as they saw him join.

But then a funny thing happened: the livestream froze. Then instead of reconnecting him, the treadmill started to slow down to a safe speed, then stopped. The March Fitness logo appeared on the screen like when his Wi-Fi had gone out a few months back. Dylan stepped off the treadmill and checked his phone, but the Wi-Fi seemed to be working.

He decided to jump in the shower and start getting ready for work. After he had gotten dressed, he started his morning ritual of making his coffee and checking his email for any news alerts. Since he was starting at a new company, he had created an alert to send him an email whenever a news story about his new company, March Fitness, and the word “IT” or “outage” were mentioned. To his horror, his inbox was full of emails. His treadmill wasn't the only one that wasn't working. The whole company was down due to an outage. Worse, a cybersecurity reporter was claiming on Twitter that the company had just experienced a widespread cyberattack.

Dylan stood there, unable to move. How could this be happening? On his first day? An alarm was going off somewhere, and it took Dylan a moment to realize that it was his alarm clock. It was finally time for him to wake up.

There was still a chill in the air as Dylan ran up the steps of the headquarters building. In the center of the stairs was a giant running shoe made from a wire mesh with only the toe of the shoe attached to the slab of marble underneath. He walked through the revolving door, and more wire mesh shoes divided the length of the hallway, each in slightly different running positions, as though some giant had just run through, losing a new shoe at each point in its stride. The lobby to the headquarters of March Fitness ran the entire length of the building, separating the headquarters of the company into the north side and the south side.

The north side of the building is where all the executives of the company had their offices, along with marketing, HR, finance, and sales. The south side of the building was where the Information Technology offices were located, along with the research and development offices. Unlike when he had interviewed, there was no one at the security desk, and the security doors on either side of the building were propped wide open. There was a steady stream of what Dylan thought were interns sprinting north to south and south to north, all carrying crumpled up papers in either hand. This was a bad sign; if they had resorted to physical messengers, it meant that not only email was down but also instant messaging and the phone system. Or maybe they had taken the network itself down to prevent the attack from spreading further?

Since Dylan didn't know where he should report, he headed toward the south side because that was where he had interviewed. He naturally broke into a jog to keep up with the messengers, and although he was in good shape and his six-foot-two-inch frame meant his steps were longer than average, the messengers darted around him like he was standing still.

He passed a bank of elevators and went into a cubicle farm where 100 employees would have normally sat. Instead, all the monitors were dark, and each had a piece of paper taped to it that read, “Do not power on.”

He followed the stream of breathless messengers to a conference room where he finally saw someone he recognized. Dr. Noor Patel, the Chief Information Officer, was sitting at the head of a conference table in the center of the room. Noor was wearing a black suit and white shirt, with her trademark black silk tie. At the opposite side of the table was Olivia Reynolds, the CEO and Founder of March Fitness. Everyone else at the table was wearing suits except for Reynolds, who was wearing one of March Fitness's own brand of running suit.

“Dylan?” a woman whispered into his ear. She had silently moved through the standing-room-only crowd that had gathered around the meeting and startled Dylan. She had dark hair and was almost as tall as Dylan and smelled like lilacs. She was holding a binder full of papers that read Business Continuity Plan.

“I'm Isabelle… I run the Project Management Office. Noor asked me to keep an eye out for you this morning. Heck of a first day.” She turned to stand next to Dylan and watch the discussion going on at the center of the room.

She handed him his ID card, the retractable holder already attached. “You're lucky we printed this last week. Now the whole card reader system is down, just like everything else. We started seeing some unusual activity on the network sometime Sunday evening,” Isabelle whispered to Dylan. “By this morning, things were out of control.”

He pinned the ID card to his belt. “I'm guessing you guys took the network down as a precaution? Do they know what the cause is?”

“Good guess, Dylan. Actually, a number of computers seem to have been infected with ransomware. We're still investigating the cause, but the company is losing money every minute the network is down, so what they're focusing on now is the fastest way to get us back online.”

Olivia Reynolds spoke softly, but everyone immediately stopped talking and turned to look at her. “How do we know this ransom isn't just some kind of scam?” she asked. “Even if we did pay them, how do we know they'll actually unlock our computers?”

“Ma'am,” one of the suits next to Noor spoke up. Unlike Noor, his suit was wrinkled and didn't seem to fit quite right. “We see this issue come up frequently. There are scam ransomware actors out there. We can tell when this is the case, because they'll use the same bitcoin wallet for all their victims. In those cases, you'll see lots of transactions where their victims tried to pay up.”

“That's our security consultant, Peter Liu,” Isabelle clarified quietly to Dylan.

“And in our case?” Olivia asked.

“In our case,” Noor responded before the consultant could answer, “the bitcoin wallet is brand new, with only one transaction that we believe was just the cybercriminal testing the account.”

“How does that explain anything?” asked a white-haired man wearing a blue pinstripe suit.

“That's our General Counsel, Kofi Abara,” Isabelle clarified. “He's one of the smartest people I've ever met. Also, he runs a monthly poker tournament. He was actually in the World Series of Poker a few years ago. Never bet against him.”

“It's an accounting issue,” Peter explained. “The cybercriminal needs to know which victims have paid and which haven't. The only way to do that is to have a different bitcoin wallet for each victim. Seeing that the bitcoin wallet is empty means this cybercriminal is serious.”

“What's our next move?” Olivia asked.

Noor stood up and addressed the room. “We aren't going to pay this cybercriminal if we can avoid it. We have our backups, and our team will go into overtime bringing computers back online from scratch. We've delayed upgrading our antivirus to a more modern EDR solution, so we'll be doing these upgrades in parallel while we restore our devices. This will improve our visibility into systems to be able to detect and prevent further intrusions as well. Our consultants will be working with us to ensure the entire process will take hours, not days.” There were cheers from around the room from nervous IT staff ready to get to work.

Isabelle leaned over to Dylan and asked, “What's an EDR tool?”

“It's like antivirus software on steroids,” Dylan whispered. “It stands for endpoint detection and response. Old antivirus programs would use a kind of fingerprint to find malware, but the bad guys figured this out and would use different fingerprints. EDR works like facial recognition, so it doesn't matter if you grow a beard or put on glasses. It can also take action to kick the bad guys out.”

Isabelle nodded thoughtfully as the...