{"id":31375,"date":"2021-08-27T15:31:59","date_gmt":"2021-08-27T21:31:59","guid":{"rendered":"https://www.webroot.com/blog/?p=31375"},"modified":"2021-08-27T15:32:00","modified_gmt":"2021-08-27T21:32:00","slug":"nists-ransomware-guidelines-look-a-lot-like-cyber-resilience","status":"publish","type":"post","link":"https://www.webroot.com/blog/2021\/08\/27\/nists-ransomware-guidelines-look-a-lot-like-cyber-resilience\/","title":{"rendered":"NIST\u2019s ransomware guidelines look a lot like cyber resilience"},"content":{"rendered":"\n<p>When the Institute for Security &amp; Technology\u2019s Ransomware Task Force published <a href=\"https:\/\/securityandtechnology.org\/ransomwaretaskforce\/\">its report on combatting ransomware<\/a> this spring, the Colonial Pipeline, JBS meatpacking and Kaseya VSA attacks were still around the corner.<\/p>\n\n\n\n<p>Nevertheless, the report took the danger presented by ransomware to both businesses and global security for granted. Already in 2020, according to the report:<\/p>\n\n\n\n<ul><li>2,4000 governmental agencies, healthcare facilities and schools had been hit with ransomware<\/li><li>$350 million had been paid out to ransomware actors, a 311% increase over 2019<\/li><li>It was taking 287 days on average for a business to fully recover from a ransomware attack<\/li><\/ul>\n\n\n\n<p>Even given what we now know \u2013 that 2021 would feature some momentous ransomware attacks against physical and IT infrastructure \u2013 the report\u2019s expert authors recognized the threat was dire. 
That led them to devise a \u201ccomprehensive framework for action,\u201d policy recommendations, in other words, for tackling the threat.<\/p>\n\n\n\n<p>&#8220;<em>The immediate physical and business risks posed by ransomware are compounded by the broader societal impact of the billions of dollars steered into criminal enterprises, funds that may be used for the proliferation of weapons of mass destruction, human trafficking, and other virulent global criminal activity.<\/em>&#8221; -Ransomware Task Force, IST<\/p>\n\n\n\n<p>While many of these recommendations would fall to law enforcement and to U.S. and international governments to enact, the report makes for fascinating reading for anyone interested in ransomware. It also provides a number of helpful tips businesses of all sizes can enact to protect themselves against ransomware.<\/p>\n\n\n\n<p>A key recommendation throughout is that businesses\u2019 anti-ransomware policies \u201cshould be consistent with existing cybersecurity frameworks,\u201d like those released by NIST, \u201cbut specific to ransomware.\u201d<\/p>\n\n\n\n<p>Luckily, it wouldn\u2019t be long before NIST would publish its ransomware-specific recommendations for businesses. It just so happens, their recommendations look a lot like our cyber resilience framework.<\/p>\n\n\n\n<p><strong>Meeting NIST benchmarks<\/strong><\/p>\n\n\n\n<p>Earlier this summer, NIST released updated <a href=\"https:\/\/www.nist.gov\/news-events\/news\/2021\/05\/nist-releases-tips-and-tactics-dealing-ransomware\">tips and tactics for dealing with ransomware<\/a>.<\/p>\n\n\n\n<p>The recommendations are split between actions users can take to avoid infection and those businesses can take to quickly recover in case they\u2019re compromised. 
This dual-focus approach to prevention and recovery aligns neatly with cyber resilience best practices (and similar thinking influenced our product roadmap).<\/p>\n\n\n\n<p>On the preventative side, NIST advises:<\/p>\n\n\n\n<ul><li>Using antivirus software at all times<\/li><li>Keeping computers fully patched with security updates<\/li><li>Using security products or services that block access to known ransomware sites on the internet<\/li><li>Configuring operating systems or using software allowing only authorized applications to run<\/li><li>Restricting or prohibiting the use of personal devices for work<\/li><\/ul>\n\n\n\n<p>It\u2019s worth noting that blocking access to known ransomware sites is a recommendation that can be accomplished with network-level security. When paired with the strong recommendation to use antivirus software at all times, NIST\u2019s recommended prevention measures already cover two key areas of focus in a cyber resilience strategy: endpoint security and network protection.<\/p>\n\n\n\n<p>On the recovery side, NIST urges the following:<\/p>\n\n\n\n<ul><li>Develop and implement an incident recovery plan with defined roles and strategies<\/li><li>Carefully plan, implement and test a data backup and restoration strategy<\/li><li>Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement<\/li><\/ul>\n\n\n\n<p>Another core aspect of cyber resilience is the ability to recover data and return to business in the event of an attack. While natural disasters and unplanned outages were once the focus of these contingency plans, ransomware\u2019s current popularity is another reason to ensure backup and recovery are accounted for.<\/p>\n\n\n\n<p>NIST notes the importance of making sure backups are isolated from one another to prevent infections from spreading between them. 
For more information on configuring backups and meeting NIST\u2019s other backup guidelines, check out <a href=\"https:\/\/www.webroot.com\/blog\/2021\/06\/21\/an-msp-and-smb-guide-to-disaster-preparation-recovery-and-remediation\/\">our guide to disaster preparation, recovery and remediation<\/a>.<\/p>\n\n\n\n<p><strong>Don\u2019t overlook security awareness training<\/strong><\/p>\n\n\n\n<p>One aspect of ransomware prevention not mentioned by NIST is the importance of security awareness training. The RTF report cites a lack of understanding among business leaders as a contributing factor to ransomware\u2019s success and lists increasing knowledge of the problem as a recommended objective.<\/p>\n\n\n\n<p>But, perhaps because it\u2019s seen primarily as a phishing-related problem as opposed to a ransomware-related one, NIST\u2019s tips do not mention user education. We recommend this be added as a key component of a comprehensive ransomware protection plan \u2013 or any cyber resilience strategy, for that matter.<\/p>\n\n\n\n<p>In <a href=\"https:\/\/www.hiscoxgroup.com\/cyber-readiness\">a report<\/a> by insurance firm Hiscox, phishing was by far the number one method of infiltration in ransomware attacks. Our data show that regular, ongoing training can help cut phishing by up to 72%. To tackle the root cause of ransomware infections, security awareness training should be considered an essential element of a cyber resilience strategy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When the Institute for Security &amp; Technology\u2019s Ransomware Task Force published its report on combatting ransomware this spring, the Colonial Pipeline, JBS meatpacking and Kaseya VSA attacks were still around the corner. Nevertheless, the report took the danger presented by ransomware to both businesses and global security for granted. 
Already in 2020, according to the [&hellip;]<\/p>\n","protected":false},"author":149,"featured_media":31377,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[21944],"yst_prominent_words":[],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/31375"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/149"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=31375"}],"version-history":[{"count":1,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/31375\/revisions"}],"predecessor-version":[{"id":31379,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/31375\/revisions\/31379"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/31377"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=31375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=31375"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=31375"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=31375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}