US CISA releases guidance on how to prevent ransomware data breaches


The US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks.

Most recent ransomware attacks have resulted in data breaches for the victims: threat actors implemented a double-extortion scheme, stealing data before encrypting it on compromised systems and then threatening to leak the stolen data.

Over the past several years, government agencies and their partners have responded to a significant number of ransomware attacks, including recent attacks against Colonial Pipeline and the U.S. software company Kaseya.

The guidance aims at helping government and private sector organizations in preventing such kinds of incidents.

“All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems. This fact sheet provides information for all government and private sector organizations, including critical infrastructure organizations, on preventing and responding to ransomware-caused data breaches.” reads CISA’s guideline. “CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations”

CISA recommends that organizations implement the best practices included in its fact sheet to prevent cyber attacks; the list includes:

- Maintain offline, encrypted backups of data and regularly test your backups
- Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan
- Mitigate internet-facing vulnerabilities and misconfigurations to reduce the attack surface
- Reduce the risk of phishing emails reaching end users by enabling strong spam filters and implementing user awareness and training programs
- Practice good cyber hygiene by using up-to-date anti-malware solutions and applications, implementing application allowlisting, ensuring user and privileged accounts are limited, enabling MFA, and implementing cybersecurity best practices

The fact sheet also recommends that organizations protect sensitive data belonging to customers or employees.

In July, the US Cybersecurity and Infrastructure Security Agency (CISA) released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET). RRA can be used by organizations to determine their level of exposure to ransomware attacks against their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.

The federal agency also released a new ransomware self-assessment security audit tool in June to help at-risk organizations understand how well they’re equipped to defend against and recover from ransomware attacks targeting their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)
