Ransomware incidents continue to be on the rise, wreaking havoc for organizations globally. Ransomware attacks target an organization’s data or infrastructure, and, in exchange for releasing the captured data or infrastructure, the attacker demands a ransom. This creates a dilemma for organizations — the decision to pay the ransom, relying on the attacker to release the data as they say, or to reject the ransom demand and try to restore the data or operations on their own.
On the heels of new federal actions related to cyber security, the National Institute of Standards and Technology (NIST) recently issued a Cybersecurity Framework Profile for Ransomware Risk Management (Ransomware Profile), currently designated as “NISTIR 8374.” This new Ransomware Profile “maps security objectives” from the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Cybersecurity Framework). The Ransomware Profile “can be used as a guide to managing the risk of ransomware events” and can help “gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events.”
This is the second cybersecurity framework document recently released by NIST to help organizations defend against ransomware attacks. In late 2020, NIST released its “Zero Trust Architecture” framework as an additional approach to ransomware defense. To learn more about NIST’s Zero Trust Architecture model, read here.
This new NIST Ransomware Cybersecurity Framework Profile is composed of three distinct parts:
- The Framework Core
- The Framework Implementation Tiers
- The Framework Profile
Additionally, the Framework Core includes five parts, intended to be concurrent and continuous functions that adopting entities should employ: Identify, Protect, Detect, Respond, and Recover.
These functions “provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.” Put simply, the Ransomware Profile builds on the Cybersecurity Framework by using the five functions of the Framework Core to offer practical steps that organizations can take to safeguard their networks against ransomware attacks.
Recognizing the difficulty of implementing reliable ransomware safeguards, the Ransomware Profile also recommends that all organizations implement the following basic protections as soon as possible to protect themselves from cyberattacks:
- Use antivirus software at all times
- Keep computers fully patched
- Segment networks as applicable
- Continuously monitor directory services (and other primary user stores)
- Block access to potentially malicious web resources
- Allow only authorized apps
- Use standard user accounts
- Restrict personally owned devices
- Avoid using personal apps—such as email, chat, and social media—on work computers
- Educate employees about social engineering
- Assign and manage credential authorization
NIST is upping the ante in the battle against the growing threat of ransomware attacks. As cyber attackers continue to expand and adapt their strategies to find new ways to attack organizations throughout the country, NIST is expanding its defensive cyber framework guidance. NIST has now issued two new frameworks to provide guidance on keeping organizations and their data and operations safe, particularly against ransomware attacks. Exercising due diligence to ensure that organizations take all reasonable steps is key to limiting cyberattacks and mitigating the impact of the attacks that will inevitably happen.