The National Institute of Standards and Technology (NIST) recently released a preliminary draft of its Cybersecurity Framework Profile for Ransomware Risk Management. The public comment period for this draft runs through July 9, 2021. NIST says, “The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization’s level of readiness to counter ransomware threats and to deal with the potential consequences of events.” NIST is taking an iterative approach to this framework, and there will be at least one additional public comment period on it.
Protecting Against Ransomware Attacks
The NIST framework recommends the following steps to protect against the ransomware threat:
Recovering From Ransomware Attacks
In addition, NIST recommends the following steps organizations can take now to help recover from a future ransomware event:
Determining Your Organization’s State of Readiness to Prevent and Mitigate Ransomware Attacks
Organizations can use the NIST framework to profile their state of readiness for ransomware attacks, identifying and prioritizing opportunities for improving their ransomware resistance. NIST identifies the following functions as a further means to address ransomware risks:
Ransomware continues to present a significant threat to organizations. The NIST framework presents an opportunity to assess and improve prevention and mitigation measures. Organizations may not be able to prevent all attacks, but it is important to remain vigilant and be aware of emerging trends.
Here are some additional helpful resources for ransomware attack prevention and response: