Share this article on:
The National Institute of Standards and Technology (NIST) has released a draft Cybersecurity Framework Profile for Ransomware Risk Management to help organizations prevent, respond and recover from ransomware attacks.
The Ransomware Profile is intended to be used by organizations that have adopted the NIST Cybersecurity Framework and want to improve their risk postures or any organization that has not yet adopted the Framework but wants to implement a risk management framework to meet ransomware threats. The Ransomware Profile can be used to identify and prioritize opportunities for improving their ransomware resistance.
The Ransomware Profile includes a series of steps that should be taken to prevent ransomware attacks and effectively manage ransomware risk. It should be used in conjunction with the NIST Cybersecurity Framework, other NIST guidance, and guidance issued by the Federal Bureau of Investigation and Department of Homeland Security.
The Ransomware Profile outlines basic measures that can be implemented to improve defenses against ransomware attacks. These include the use of antivirus software, ensuring scans are automatically conduced on emails and flash drives, keeping computers fully patched, blocking access to known ransomware sites, only permitting authorized apps to be used, restricting the use of personally owned devices, restricting the use of accounts with administrative privileges, avoiding the use of personal apps, and conducting security awareness training to warn employees about the risks of clicking links or opening files sent from unknown sources. These measures alone will help to significantly reduce ransomware risk.
Should a ransomware attack succeed, it is essential for organizations to be prepared as this will allow them to limit the damage caused and accelerate the recovery time. That requires an incident recovery plan, maintaining an up-to-date list of internal and external contacts for ransomware attacks, and ensuring a comprehensive backup and restoration strategy is implemented.
As is the case with the NIST Cybersecurity Framework, the Ransomware Profile is divided into five categories: Identify, Protect, Detect, Respond, and Recover. Each of those categories has several subcategories and selected informative references along with an explanation of how they apply to preventing and responding to ransomware attacks.
Identify is concerned with developing a thorough understanding of cybersecurity risks to systems, people, assets, data, and capabilities, which is essential for effective use of the Framework.
Protect involves implementing safeguards to prevent critical services from being disrupted to allow a business to continue to function – for example, implementing network segmentation to limit the ability of an attacker to move laterally and attack all systems.
Detect is concerned with implementing systems that can detect intrusions prior to the deployment of ransomware, including maintaining logs and conducting audits when anomalous activity is detected.
Respond is concerned with taking appropriate actions to contain a ransomware attack, with Recover concerned with implementing appropriate activities to restore capabilities and services that have been impacted by a ransomware attacks and taking steps to minimize the probability of future successful ransomware attacks to restore confidence among stakeholders.
NIST is accepting commends on the draft Ransomware Profile until July 9, 2021. After the revised Ransomware Profile is released, there will be a further comment period before the final Ransomware Profile is published.