NIST( National Institute of Standards and Technology) has recently published draft of Ransomware risk management.
This guidance is aim at the organizations who want to protect themselves about ransomware attacks.
In our earlier discussion, we have seen what is cyber security.
What is Ransomware?
In Layman words, Ransomware consists of 2 words- Ransom and ware.
Ransom means the hackers steal the data from the companies or organizations. And then demand money to return the data or provide back the access.
Ware means software.
So, ransomware means kidnapping of data/information by means of software and demand money to restore the data.
Ransomware is a malicious attack where attackers (hackers) encrypt the organization’s data. They demand the money to restore the access to data. In some cases, hackers steal the organization’s data and demand additional payment in return for not disclosing the information to authorities, public, competitors etc.
What is the impact of Ransomware?
Ransomware disrupts or brings down an organization’s operations.
Poses a dilemma for management whether to pay the ransom money and hope that the hackers keep their word about restoring access and not disclosing data, or do not pay the ransom and restore operations themselves. So organizations has to bear the cost in either ways.
If the news of the ransomware is published, the reputation of company, the trust falls down.
If the company is listed in stock exchanges then stock prices may fall drastically.
How organizations can prevent ransomware attacks?
Organizations can follow recommended steps by different standards/frameworks to prepare for and reduce the potential for ransomware attacks.
This includes identifying and protecting critical data, systems, and devices from ransomware, and preparing to respond to any ransomware attacks that succeed in some cases.
What are NIST provided Security measures for ransomware attacks?
Organizations can take basic preventative and corrective steps now to protect against the ransomware threat.
- Use antivirus software at all times : Set your software to automatically scan emails and flash drives.
- Keep computers fully patched : Run scheduled checks to keep everything up-to-date
- Block access to ransomware sites :Use security products or services that block access to known ransomware sites.
- Allow only authorized apps : Configure operating systems or use third-party software to allow only authorized applications on computers.
- Restrict personally owned devices on work networks.
- Use standard user accounts versus accounts with administrative privileges whenever possible.
- Avoid using personal apps : like email, chat, and social media—from work computers.
- Beware of unknown sources : Don’t open files or click on links from unknown sources unless you first run an antivirus scan or look at links carefully
- Make an incident recovery plan :Develop and implement an incident recovery plan with defined roles and strategies for decision making. This can be part of a continuity of operations plan
- Backup and restore : Carefully plan, implement, and test a data backup and restoration strategy—and secure and isolate backups of important data.
- Keep your contacts : Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.
What is Ransomware Profile in NIST?
The Ransomware Profile defined in this preliminary draft maps security objectives from the Framework for Improving Critical Infrastructure Cybersecurity to security capabilities and measures that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events.
The Ransomware profile can also be used to identify opportunities for improving cybersecurity to help prevent ransomware.
The five Cybersecurity Framework Functions that are used to organize the Categories in Ransomware profile are:
- Identify : Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.
- Protect : Develop and implement appropriate safeguards to ensure delivery of critical services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.
- Detect : Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events.
- Respond : Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.
- Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.
NIST published preliminary draft in June 2021 to safeguard the organizations. It describes the steps to preventive and corrective steps to be taken by organizations to act against the ransomware. It also publishes Ransomware profile with categories which organizations can utilize and protect themselves from ransomware attacks.