The ransomware landscape is evolving, and ransomware is now one of the most popular (for cybercriminals) and damaging types of malware. The JBS, Colonial Pipeline and Kaseya attacks are recent high-profile examples of the impact of ransomware and the monumental consequences it can have: shifts in the market, impact on infrastructure and even action at the highest levels of government.
In the wake of these attacks and other events like the SolarWinds attack, the executive branch has taken action in the form of an executive order (EO), which covers several cybersecurity concepts. This order encourages private sector companies to follow the Federal government’s lead to help minimize the impact of future incidents.
There are several different concepts outlined in the EO, so to help organizations get started, I’ve outlined some of the key concepts that organizations should be paying attention to now and offered a few tips on how you can start implementing these strategies today.
One of the orders that stood out to me is the “Modernize and Implement Stronger Cybersecurity Standards in the Federal Government” requirement. This aims to move the Federal Government toward better security practices: adopting zero-trust security, accelerating the move to secure cloud services, and deploying multifactor authentication and encryption.
At Veritas, we counsel enterprises to adopt what we call a “zero-security” posture; it’s the mentality that even the most effective endpoint security will be breached. It is important to have a plan so that you’re prepared for when this happens.
Enterprises need to have robust endpoint data protection and system security. This includes antivirus software and even whitelisting software where only approved applications can be accessed. Enterprises need both an active element of protection and a reactive element of recovery.
Companies hit with a ransomware attack can spend five days or longer recovering from an attack, so it’s imperative that companies are actively implementing the right backup and recovery strategies before a ransomware attack.
Black hats who are developing ransomware are trying to cut off any way for an enterprise to avoid paying the ransom. This is why ransomware attacks target files and systems in use, as well as backup systems and cloud-based data.
We urge organizations to implement a more comprehensive backup and recovery approach based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. It includes a set of best practices: using immutable storage, which prevents ransomware from encrypting or deleting backups; implementing in-transit and at-rest encryption to prevent bad actors from compromising the network or stealing your data; and hardening the environment by enabling firewalls that restrict ports and processes.
The other aspect of the EO I wanted to touch on was the call to “Create a Standard Playbook for Responding to Cyber Incidents.” The federal government plans on creating a playbook for federal agencies that will also act as a template for the private sector, to help companies take the appropriate steps to identify and mitigate a threat.
Time is of the essence, so before we see the federal government’s playbook, here are a few important steps organizations should be thinking about when it comes to creating their own:
Preparing your company for an inevitable ransomware attack is becoming more critical every day. The Colonial Pipeline attack has driven new mandates for cyber resiliency, and as security leaders, we have a critical role in ensuring we’re doing everything we can to protect and secure valuable and sensitive data.
Ransomware won’t be “solved.” I see it as an arms race where we all have to be constantly vigilant, especially around elements that are out of our control. No single solution or security control is going to stop ransomware, but by taking a layered security approach, you’ll be able to mitigate the impact of an attack and get back up and running very quickly.
Alex Restrepo is part of the Virtual Data Center Solutions team at Veritas.