The Reuters news staff had no role in the production of this content. It was created by Reuters Plus, the brand marketing studio of Reuters.
PRODUCED BY REUTERS PLUS FOR
With average data breaches now costing upwards of $4 million, �the ever-growing threat landscape demands a proactive approach.
Explore
The end of ransomware?
Many businesses think they cannot afford to keep their systems and cybersecurity continually up to date. In reality, they cannot afford not to.
Cyberthreats are constantly growing more complex, creating major headaches for businesses of all shapes and sizes. Malware, data breaches, and phishing scams are now so frequent that they've become an ongoing challenge.
Businesses are often unprepared for an attack and less likely to have deep finance reserves or comprehensive cybersecurity insurance in place. Those that weather the initial attack often lack the personnel experienced enough to deal with what comes next.
In the first half of 2022, there were 236 million global ransomware attacks and 5.5 billion malware attacks. 84% of organizations were hit by a phishing attempt, and the operations behind these attacks extorted a record $1.1 billion in ransom payments from victims in 2023.
Traditional security perimeters are dissolving as work becomes more mobile. In fact, 71% of today’s workers say they are most effective on web-based apps.
Shutting out attackers with Zero Trust
Because of its Zero Trust philosophy, ChromeOS is extremely secure. No user or device is automatically trusted. Everyone, and everything, is verified.
“There have been zero reported ransomware attacks on ChromeOS devices, and ChromeOS has never had a virus,” says Dr. Wieland Holfelder, Google VP of Engineering and Munich Office Site Lead*
Using a process called ‘Verified Boot’, the operating system’s integrity is checked by a built-in hardware security chip at every startup. If any unfamiliar code is detected, ChromeOS automatically reverts to a previous version, keeping all devices safe.
Sharing the security burden
The cloud-first nature of ChromeOS offers another layer of security. Cloud storage acts �as a fortress for data, minimizing the risk of breaches from lost or stolen devices. Even if a device goes missing, sensitive information stays safely locked away in the secure cloud infrastructure.
Thanks to a cloud-based management system, businesses can monitor and enforce security policies across the entire organization, ensuring consistent protection for all users.
"With a cloud-first strategy, security moves beyond individual devices. Centralized cloud management gives admins the power to enforce consistent security policies and protection across an entire organization," notes Dr. Holfelder.
Furthermore, ChromeOS is also able to reduce its remote access attack surface with an innovative firewall defense system that prevents criminals from using service discovery protocols to poison requests and coerce systems into connecting to resources they control.
Vulnerability rewards elevate user protection
Hackers are constantly searching for cracks in the armor – unpatched software vulnerabilities. Finding and fixing these bugs is a complex and time-consuming task. However, the more bug hunters on the lookout, the faster these weaknesses get discovered and patched, making it much harder for attackers to gain a foothold.
To incentivize as many security researchers as possible to find these vulnerabilities and responsibly disclose them, ChromeOS runs a vulnerability reward program (VRP). This offers rewards to researchers depending on the bug's severity.
“The security benefits of ChromeOS extend beyond just protection. It can also give businesses a clearer picture of how their data is being used. Some customers can now choose to switch to data processor mode (DPM) within the Google Admin console”, says Tony Ureche, Director, Product Management ChromeOS. This switch shifts Google’s role from that of a data controller to that of a data processor under the EU’s General Data Protection Regulation (GDPR) legislation.
Importantly, DPM helps businesses by providing greater control over user data. Included is a data deletion tool that allows IT administrators to delete a user’s personal data to fulfill potential user or legal requests for data erasure.
With this tool, data associated with Google services deemed essential to ChromeOS such as browsing history, search history and saved passwords is deleted. DPM is expected to roll out to European countries in H2/2024 after a launch in the Netherlands, Belgium and Norway. [For more information on DPM see here.]
Gaining control over data, transparency and privacy
Disclaimer: The Reuters news staff had no role in the production of this content. It was created by Reuters Plus, the brand marketing studio of Reuters. To work with Reuters Plus, contact us here.
And the emergence of cunning threats like ransomware makes a watertight security strategy even more crucial. Businesses need to go beyond securing their offices and embrace a proactive, flexible approach to stay ahead of this ever-changing threat landscape. This is where Zero Trust enters the scene. It's a security approach that's transforming cybersecurity for modern businesses.
The old idea of "trusting but verifying" just doesn't cut it anymore. Zero Trust flips the script with "never trust, always verify." It treats all access attempts with suspicion, whether they come from inside the office or from anywhere else on the internet.
Traditional security perimeters are dissolving as work becomes more mobile.
Centralized cloud management gives admins the power to enforce consistent protection across an entire organization. Security moves beyond individual devices.
When one hotel chain, Strawberry, formerly Nordic Choice Hotels, faced a ransomware attack that affected 90% of its 220 hotels, it turned to ChromeOS Flex (a way to convert older devices to ChromeOS) to quickly re-purpose Windows devices into ChromeOS machines.
Kari Anna Fiskvik, VP of Technology at Nordic Choice Hotels (now Strawberry), says it was a move that allowed the company to get back online swiftly and avoid paying ransomware while strengthening security against future threats.
“Without ChromeOS Flex, the business might have lost as many as six weeks recovering from the attack,” says Fiskvik. “With ChromeOS Flex and our emergency manual backup routines, we didn’t even have to close our doors for one hour.”
There are clear advantages to using cloud-based operating systems. Enabling Zero Trust practices that don’t get in the way of business operations, as well as streamlining everything from updates to policy enforcement and device monitoring, across employees, business sites, and different geographies.
With cloud-based OS, and ChromeOS particularly, enterprises can harden their operating environment, secure their data, and ensure the continuity of their business. For enhanced effectiveness, the cloud-based advantage is key.
Alongside this, sandboxing is used to isolate processes and applications so that even if malware infects one app or tab, it's strongly restricted from spreading to other parts of the system or accessing core files.
Another key strength of ChromeOS is its automatic update system.
More than
has been paid out to researchers so far
“Keeping software kept up to date across the entire ecosystem is a fundamental struggle. By ensuring the latest updates are automatically pushed as soon as they’re released, a fundamental window of attack is firmly closed,” says Dr. Holfelder.
Whereas other operating systems use a traditional access control model that enables administrator users to install software, create users, and configure other changes that may impact or interfere with other users’ data, ChromeOS takes a more secure approach. By design, there are no root or admin-level user types, eliminating multiple classes of attack.
ChromeOS keeps a tighter grip on security by limiting what users can change, even in Developer Mode. This reduces the playing field for attackers, making it harder for them to find weaknesses to exploit. As a result, ChromeOS offers a smaller attack surface compared to other operating systems.
Zero Trust means that no user or device is automatically trusted. If the worst were to happen, it also means that businesses could keep going virtually uninterrupted.
The rewards program is about galvanizing researchers from around the world to collaborate to build a safer, stronger and more stable ecosystem. More than $45 million has been paid out to researchers, so far, with hundreds of vulnerabilities discovered and thousands of bug hunters rewarded.
"Google's VRP is about proactive protection,” says Holfelder. “By rewarding responsible disclosure, we identify and address potential vulnerabilities before they can be exploited." The VRP helps improve the overall security of ChromeOS, protecting users from potential exploits and potentially devastating attacks.
A record
in ransom payments from victims
*As of April 2024, there has been no evidence of any documented, successful virus attack or ransomware attack on ChromeOS. Data based on ChromeOS monitoring of various national and internal databases.
in ransom payments from victims
has been paid out to researchers so far
There are clear advantages to using cloud-based operating systems. Enabling Zero Trust practices that don’t get in the way of business operations, as well as streamlining everything from updates to policy enforcement and device monitoring, across employees, business sites, and different geographies.
With cloud-based OS, and ChromeOS particularly, enterprises can harden their operating environment, secure their data, and ensure the continuity of their business. For enhanced effectiveness, the cloud-based advantage is key.
Disclaimer: The Reuters news staff had no role in the production of this content. It was created by Reuters Plus, the brand marketing studio of �Reuters. To work with Reuters Plus, contact us here.
How ChromeOS' Zero Trust approach protects businesses
The end of ransomware?