U.S. Government Launches Ransomware Resource Website In Effort To Educate
The number of ransomware attacks in the US has more than doubled in the last twelve months according to SonicWall’s 2021 cybersecurity report. Not only has there been a dramatic increase in the number of ransomware attacks but the ransom amounts being asked by cyber criminals has dramatically increased as well. To make matters even more dire, a recent survey of over 5,400 IT decision makers found that 54% say cyberattacks are now too advanced for their IT Team to handle on their own.
Late last year, the U.S. Treasury issued a warning to US corporations that opt to pay their attackers citing that those corporations may be subject to sanctions against them by paying ransoms to malicious actors in countries that have US embargoes against them. The continued escalation of ransomware attacks on US corporations has now prompted the U.S. Government to create a website in an attempt to educate corporations on how to reduce the risk of ransomware.
As you read through the newly issued Ransomware Guide, it becomes clear that only a few recommendations are related to the logging or detection of activity while the majority of the items listed are preventative steps organizations should take to prevent attacks in the first place, or at least significantly reduce their impact. Below are some highlights:
-
-
-
- Maintain Backups
- Create, Maintain and Exercise a basic cyber incident response plan
- Conduct Vulnerability Management
- Regular patching hardware and software
- Employ best practices for high risk protocols (RDP, SMB, etc)
- Implement a Cybersecurity user awareness and training program
- Properly implement and configure email security gateway
- Disable macro use
- Ensure Anti-Virus/Malware signatures are up to date
- Software/Application management
- (Detect) Consider implementing intrusion detection system
- Employ MFA/2FA
- Apply policy of least privilege
- Make proper use of protected user groups in AD
- Audit user accounts
- Properly harden cloud environments
- Develop and regularly update comprehensive network diagram
- Employ proper network segmentation
- Inventory and control network assets
-
-
The list goes on. The key point for organizations to realize is that “detection” is only a small component of what is required to “prevent” cybersecurity attacks. The very nature of detecting a cybersecurity attack is to provide an alert that an an attack has already occurred! The focus for organizations should be to prevent the cybersecurity attack in the first place. Despite this fact, many organizations continue to focus a disproportional amount of time, money and resources on cybersecurity solutions and providers that are almost entirely focused on detection efforts.
Zyston understands the importance of preventative actions and leverages a comprehensive XDR (prevent, manage, detect, and respond) cybersecurity model that goes beyond the alert to assure results, strengthen systems and reduce the probability of future attacks. Start looking beyond the alert and take Zyston’s CyberCast Assessment to better understand how vulnerable your organization is to a cyberattack.
Long live PREVENT!
CyberCast Security Reporting
Security reporting that speaks business
Zyston CyberCAST brings the world of cybersecurity metrics up out of the weeds and into the hands of executive decision makers so nothing gets lost in translation. With CyberCAST, your organization gets clear visibility on security risks and also how your organization scores against your industry peers.