The number of ransomware attacks on organizations around the globe is growing at an exponential rate with no signs of slowing down. According to Check Point, ransomware attacks grew by 102% in the first half of 2021 compared to the beginning of 2020.
Cybersecurity Ventures expects ransomware to attack a business, consumer, or device every 2 seconds by 2031, up from every 11 seconds this year, and estimates ransomware damages to cost the world $265 billion by 2031. To operate in this precarious digital landscape, organizations today must go the extra mile to ensure that their cyber defense mechanism is robust and effective.
In the wake of the significant surge in ransomware attacks, the National Institute of Standards and Technology (NIST) has published a new draft on “Cybersecurity Framework Profile for Ransomware Risk Management” that sets out its guidance on how organizations can prevent, respond to, and recover from ransomware attacks.
The document details basic preventive steps to protect against the ransomware threat, including using antivirus at all times, keeping computers fully patched, continuous monitoring, segmenting internal networks, educating employees about social engineering, assigning and managing credential authorization, and many more.
NIST has classified Cybersecurity Framework Functions into five categories: Identify, Protect, Detect, Respond, and Recover, and has suggested key measures under each of these functions to protect against ransomware threats.
Identify - This is the first step and the foundation for the rest of the framework. It requires developing an organization-wide understanding of systems, people, assets, data, and capabilities, and the associated cybersecurity risks. Some of the key suggestions made by NIST under this head include:
Protect – This function is critical to limit or contain the impact of a potential cybersecurity event and involves implementing appropriate safeguards to ensure the delivery of critical services. Some of the key measures include:
Detect – This function requires the implementation of appropriate activities to identify the occurrence of a cybersecurity event and enables timely discovery of cybersecurity events. Some of the key suggestions include:
Respond –Once a cybersecurity incident is detected, the Respond Function is important to take appropriate action and measures to contain the impact. NIST recommends:
Recover – This involves implementing appropriate activities to maintain plans to restore any capabilities or services that were impacted in a cybersecurity incident and helps an organization’s timely recovery to normal operations. Key measures include:
MetricStream welcomes the ransomware guidance from NIST. Such practical frameworks can considerably help CISOs and security teams to develop an effective cybersecurity strategy from the ground up and evaluate their existing strategy for any gaps or loopholes.
The MetricStream IT and Cyber Risk and Compliance solution is aligned to the capabilities detailed in the NIST guidance. It helps organizations to proactively anticipate and minimize IT and cyber risks, threats, vulnerabilities, and multiple IT compliance requirements. The solution cuts across enterprise siloes by facilitating harmonization between various functions and aggregating information and providing a 360-degree, real-time view of IT risk, compliance, policy management, and IT vendor posture. It also enables enterprises to execute and manage an eﬀective business continuity and disaster recovery program. To request a personalized demo, click here.