The Cybersecurity and Infrastructure Security Agency (CISA) has put a document online with all kinds of tips and advice for companies to become more resilient against ransomware attacks and data breaches. For example, the agency advises making regular encrypted backups and using strong spam filters to prevent phishing. The body advises companies and organizations to implement the measures as soon as possible in their operational management.
Ransomware attacks and other cyber threats pose a greater threat to our society by the day. If a private computer is attacked and locked, that is a nuisance for the person concerned. If it happens at a company or organization in the critical infrastructure or vital sector, it can disrupt a large part of the economy, healthcare and other parts of society. That is why National Coordinator for Counterterrorism and Security Pieter-Jaap Aalbersberg called ransomware a ‘risk to our national security’ and ‘a plague for SMEs’.
The situation in the United States is no different. Like the National Cyber Security Centre (NCSC) in our country, CISA is tasked with combating cyber threats. It does so by sharing threat information, assisting organizations hit by cyber attacks and giving advice on cybersecurity and information security.
CISA says several ransomware attacks on US companies have recently taken place. Specifically, it refers to the ransomware attacks on Colonial Pipeline and ICT service provider Kaseya; meat producer JBS also belongs on this list. The danger is not limited to large international companies, however: every organization is at risk of a ransomware attack and is responsible for protecting the sensitive and personal data stored on its systems.
The premise of ransomware is the same as it has always been: a hacker breaks in, installs ransomware and demands money for the decryption key. Today's ransomware, however, is more destructive and has a bigger impact. “Hackers and cybercriminals steal larger amounts of data – including sensitive and personal data – and threaten to make it public if a ransom is not paid,” CISA said. Such data breaches often lead to major financial damage for organizations and undermine consumer confidence.
Businesses and organizations don’t have to sit helplessly on the sidelines and watch as ransomware attacks destroy their life’s work. CISA has listed various tips and advice on how businesses and civil society organizations can protect their organization against these types of cyber threats.
The document is divided into three parts. The first part is about preventing ransomware attacks. The second part focuses on protecting confidential and personal information. Finally, the third part answers the question of what companies and organizations should do if they are hit by ransomware and sensitive data ends up on the street.
Companies and organizations can protect themselves against ransomware attacks with the tips below.
- Make regular backups part of your routine, and don't forget to test the backups and encrypt them.
- Draw up regulations and protocols that tell employees how to deal with cyber incidents, including detective and corrective measures. Also draw up rules for reporting security incidents (incident management), setting up a fall-back location (redundant site) and a communication plan.
- Reduce vulnerabilities and misconfigurations so that hackers cannot exploit this attack surface. This includes installing software updates, monitoring network activity and enabling the security options on all hardware.
- Reduce the chance of receiving spam. By enabling spam filters and training employees to recognize phishing messages, you reduce the chance of being hit by ransomware or other malware.
- Maintain good cyber hygiene: install antivirus software, whitelist legitimate applications, implement proper authorization policies and enable multi-factor authentication (MFA).
- Point out the above security measures to Managed Service Providers (MSPs) to prevent ransomware attacks.
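The first tip, testing the backups, is the step most often skipped: a backup that has never been restored is not known to work. The script below is an added example written for this article, not CISA's own tooling or any named product. It archives a directory, records a hash manifest, restores the archive into a scratch directory and compares the result against the manifest. The function names (`create_backup`, `verify_backup`) are my own; encryption of the archive at rest is assumed to be handled by an external tool or library and is deliberately not implemented here, so the script runs with the Python standard library alone.

```python
"""Added example: create a backup archive, record a hash manifest, and prove
that the archive restores.  Written for this article; not CISA's own tooling.
Encryption of the archive at rest is assumed to be done by an external tool
or library and is left out so the script runs with the standard library only."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path) -> dict:
    """Archive `source` into a gzip'd tar and return the manifest taken before
    archiving.  Keep the manifest apart from the archive (e.g. with the restore
    runbook) so it can be used to check the backup later."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest


def verify_backup(archive: Path, manifest: dict) -> list:
    """Restore the archive into a scratch directory and compare it with the
    manifest.  Returns a list of problems; an empty list means the restore
    test passed (every file came back with the expected content)."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                # The "data" filter refuses path traversal and device members.
                tar.extractall(scratch, filter="data")
            except TypeError:  # Python versions without the filter argument
                tar.extractall(scratch)
        restored = build_manifest(Path(scratch))
        for rel, digest in manifest.items():
            if rel not in restored:
                problems.append(f"missing after restore: {rel}")
            elif restored[rel] != digest:
                problems.append(f"hash mismatch after restore: {rel}")
        for rel in restored:
            if rel not in manifest:
                problems.append(f"unexpected file in restore: {rel}")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a tiny directory tree to back up and test.
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "documents"
        (src / "finance").mkdir(parents=True)
        (src / "notes.txt").write_text("constructed sample file\n")
        (src / "finance" / "ledger.bin").write_bytes(bytes(range(256)))
        archive = Path(work) / "documents.tar.gz"
        manifest = create_backup(src, archive)
        print("restore test problems:", verify_backup(archive, manifest))
```

Run it as a scheduled job against the real backup set and treat any non-empty problem list as an incident in its own right; a backup that restores cleanly on a schedule is the only kind that can be counted on when ransomware strikes.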
Organizations that handle confidential information or private data must ensure that their information security is in order. CISA gives the following tips for this:
- Make sure you are aware of which confidential data you store, process or share. It is very important that you know exactly who has access to this data.
- Ensure good physical security, both inside and outside the building. Also make sure that devices such as computers and servers meet the current security requirements. Maintain and test the equipment regularly.
- Implement cybersecurity best practices. Secure confidential data with encryption, set up firewalls to protect your business from malicious network traffic, and consider implementing network segmentation (zero trust policy).
- Describe in the communication plan how employees should respond to data breaches. For example, the GDPR requires that a data breach must be reported to the national supervisory authority within 72 hours.
Companies and organizations that are confronted with the consequences of a ransomware attack despite the above measures should not sit still and do nothing. On the contrary: they must immediately take measures to prevent worse.
- Limit the damage. Determine which systems are affected and disconnect them from the corporate network; if that is not possible, power them off to stop the malware from spreading further. Also consult employees and external parties.
- Collect as much evidence of the attack as possible, such as log files or images of the operating system and memory. Do not destroy forensic evidence, and take good care of the evidence you have collected.
- Notify the people and organizations affected by the attack and the data breach, so that business partners and other victims are not left in the dark.
- Report the incident, not only to the supervisory authority but also to the police and to bodies such as the NCSC and the Digital Trust Center (DTC).
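The second step above, collecting and preserving evidence, is only useful if it can later be shown that nobody altered the log files or images after they were collected. The script below is an added example written for this article, not part of CISA's guidance or any forensic product: it records a manifest with the SHA-256 hash, size and modification time of each evidence file, and a later check re-hashes everything and reports what is missing or changed. The function names and the `collector` field are my own; signing the manifest and storing it on write-once media are assumed to happen outside this script.

```python
"""Added example (not from the article or from CISA): once evidence of a
ransomware incident has been collected (log files, disk or memory images),
record a hash manifest so that anyone handling it later can show it was not
altered.  Standard library only; signing the manifest and storing it on
write-once media are assumed to be done outside this script."""
import hashlib
import json
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash in chunks so large images are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _utc(ts=None) -> str:
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ts))


def record_evidence(items: list, manifest_path: Path, collector: str) -> dict:
    """Write a JSON manifest describing each evidence file and return it.
    `collector` is a hypothetical field naming who took the evidence."""
    entries = []
    for p in sorted(items):
        st = p.stat()
        entries.append({
            "path": str(p.resolve()),
            "size": st.st_size,
            "sha256": sha256_file(p),
            "mtime_utc": _utc(st.st_mtime),
        })
    manifest = {"collector": collector, "collected_utc": _utc(), "items": entries}
    # A hash over the canonical item list lets the manifest itself be checked
    # for edits, independently of the files it describes.
    canonical = json.dumps(entries, sort_keys=True).encode()
    manifest["items_sha256"] = hashlib.sha256(canonical).hexdigest()
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def check_evidence(manifest_path: Path) -> list:
    """Re-hash every file named in the manifest and return the discrepancies;
    an empty list means the evidence matches what was recorded."""
    manifest = json.loads(manifest_path.read_text())
    problems = []
    canonical = json.dumps(manifest["items"], sort_keys=True).encode()
    if hashlib.sha256(canonical).hexdigest() != manifest["items_sha256"]:
        problems.append("manifest item list does not match its recorded hash")
    for entry in manifest["items"]:
        p = Path(entry["path"])
        if not p.is_file():
            problems.append(f"missing: {entry['path']}")
        elif sha256_file(p) != entry["sha256"]:
            problems.append(f"changed: {entry['path']}")
    return problems


if __name__ == "__main__":
    import tempfile
    # Constructed sample evidence: a short log file and a small fake image.
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        log = work / "auth.log"
        log.write_text("2024-01-01T00:00:00Z constructed sample log line\n")
        image = work / "memory.raw"
        image.write_bytes(bytes(range(256)) * 4)
        manifest_file = work / "evidence-manifest.json"
        record_evidence([log, image], manifest_file, "analyst-1")
        print("problems before handling:", check_evidence(manifest_file))
        log.write_text("tampered\n")  # simulate an unwanted later modification
        print("problems after handling:", check_evidence(manifest_file))
```

Run `check_evidence` each time the evidence changes hands and keep the output with the incident record; a non-empty list means the material can no longer be relied on as collected, which is exactly what the manifest is there to reveal.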