Here’s my review of the National Institute of Standards and Technology (NIST) Cybersecurity Framework profile for Ransomware Risk Management, which guides both internal and external stakeholders of a business on how to manage and reduce cybersecurity risks. It draws on existing standards, guidelines, and practices and combines them into a framework that organizations in any industry can use to improve their cybersecurity. With ransomware on the rise and creating havoc, I highly recommend implementing this framework at your organization.
What is Ransomware?
Ransomware is one of the most common types of malware used by cyber criminals. It encrypts your organization’s data, and the cyber criminal demands a ransom to return it. Ransomware attacks target your company’s data and/or critical infrastructure. If an attack is not addressed, your company’s operations will be disrupted or stopped, leading to a decrease in productivity and a loss of profit.
Oftentimes, ransomware leads to a debate over whether your company should pay the ransom to get your encrypted data back. According to the FBI’s Ransomware Prevention and Response for CISOs guide, you should “not pay under any circumstances.” In the end, however, the best practice is to avoid being attacked by ransomware altogether. To help companies achieve this, NIST has started to draft the Ransomware Risk Management Portfolio.
Ransomware Risk Management Portfolio
In this portfolio, NIST identifies the security objectives that will help your organization prevent, respond to, and recover from ransomware attacks. With the profile’s guidance, your organization can manage ransomware risks, which includes gauging your business’ level of readiness to mitigate ransomware threats and reacting to the potential impacts of a ransomware incident.
Many of these ransomware mitigation recommendations are actions you should already be implementing in your cybersecurity program. They include:
- Using antivirus software.
- Keeping computers fully patched and updated.
- Segmenting internal networks.
- Blocking access to potentially malicious sites and resources.
- Allowing the use of only authorized applications.
- Restricting the use of personal devices on work networks.
There are many other suggestions and actions that should be followed to optimize your cybersecurity and ransomware risk management. These actions help keep loopholes and vulnerabilities from appearing in your systems, and thus they help prevent cyber criminals from breaking into them.
Steps to Include in Your Risk Management
Like most recommended cybersecurity plans these days, ransomware risk management should take a risk-based approach to keeping your organization safe from potential threats. To do this, you should:
- Identify and measure all potential risks.
- Involve all business stakeholders in the security assessment process.
- Monitor your organization’s security and governance.
With these steps combined, you can start creating an incident response and recovery plan. Developing and implementing a response plan will help prepare you and your staff in case of a cyber incident, and practicing the plan will streamline the process when an incident actually occurs.
In addition, keep secure backups of your data and test restoration from them to ensure you still have your company’s critical assets and information – even after your systems have been locked and encrypted. This will help prevent loss of productivity and lessen profit loss, because you will still have the information you need for your organization to continue running.
Five Categories of the Ransomware Profile
Based on the five Cybersecurity Framework Functions, the ransomware profile is separated into five categories. Each category lists recommended steps and actions you should take to improve your ransomware risk management program.
In the identify function, you identify the risks and vulnerabilities of your network, which is crucial to understanding how to improve your security effectively. You must understand how your resources affect the functions and processes of your organization. Additionally, you need to know how those functions and processes relate to cybersecurity effects, which will help you prioritize which parts of the system to build or improve first.
In the protect function, you create and implement the safeguards used to ensure the safety of your network and systems. The policies under the protect function limit or contain the impact of a cybersecurity (or ransomware) incident.
Quickly detecting a cybersecurity incident is necessary to minimize the damage caused by the event. With the detect function, you can discover cybersecurity events in a timely manner, so that you can address the incident and minimize the negative impact it would have on your organization.
A response plan is crucial to effectively addressing a cyber incident after detecting it. With a proper response plan under the respond function, you will improve your ability to contain a cybersecurity incident’s impact on your organization.
Finally, after resolving the cybersecurity event, you will need plans for how to recover from the damage caused by the incident. Under the recover function, a timely return to normal operations is necessary to reduce the impact of a cybersecurity incident. It will also help your business recover from the losses caused by the incident.
A proper plan for a ransomware incident is necessary to ensure the safety of your organization. Additionally, it will prepare your organization for potential risks, optimizing the security of your systems and network. Therefore, you should use the NIST Ransomware Risk Management Portfolio to better understand what you should do to improve your cybersecurity and ransomware risk management. You can also use our ransomware response guide to create a response plan for your organization.