Data Security and Ransomware Defense: Part 2

In 2014, the National Institute of Standards and Technology (NIST) released the first version of its Cybersecurity Framework. The Framework, which has since been updated, is voluntary guidance based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. It assists organizations in determining which activities are most important to assure critical operations and service delivery. By providing a common language to address cybersecurity risk management, it is especially helpful in communicating inside and outside the organization.

In this installment of the NextLabs Cybersecurity Expert Series, Bill Fisher references the NIST Cybersecurity Framework as a vital component for organizations looking into mitigating cybersecurity risk. This is Part 2 of Episode 1: Data Security and Ransomware Defense. In Part 1, Bill Fisher covered what ransomware attackers are trying to accomplish, how ransomware is different from other malware, and what has brought ransomware back into the spotlight. In this part, Bill dives deeper into mitigating ransomware risk, as well as what resources NIST offers to help manage this risk. Read his insights below or watch the full Q&A video on our YouTube.

Q1: How can an organization mitigate a ransomware event?

You know, one thing that’s really important is using multifactor authentication for your authenticators and making sure that you’re patching all your systems on a regular basis, you’re keeping track of the patches that are being released and the sort of vulnerabilities that they’re addressing. And then, of course, one of the big ones is employee awareness. We continue to see social engineering of users as an avenue for attackers to get into networks. Whether it’s getting them to click on a link and download malicious software or whether it is giving them a phishing webpage and having them put in some sort of credential, a password, a PIN, or even like a one-time password on a token, that type of thing.

So, all of those are going to be really important. Before events happen, it’s really critical to have prior preparedness. So, you’re going to want things like established standard operating procedures for how you recover. You’re going to want some sort of prioritization for the systems that you want to recover, right? So, what are your most critical assets that need to be up and running first. You’re going to want to have really good well-established communication channels. Then decision trees can be really helpful. If this is down, do that. If this occurs, do this, that type of preparedness is going to be really useful when you’re in that high-stress scenario and you want to be able to make the right decisions and minimize the impact.

Q2: What resources does NIST offer to help manage ransomware risk?

One piece of documentation that we recently published is actually a cybersecurity framework profile for ransomware risk management. For those who may not be familiar with NIST, several years ago we published, in collaboration with industry and academia and legal folks and a whole bunch of communities, what’s called the NIST Cybersecurity Framework, or as we call it, the CSF, that is a foundational document that’s really seen a lot of traction. So, if you are familiar with your framework, you’ll know that the framework has a set of five functions: identify, protect, detect, respond, and recover. Then, associated with those functions are a series of security controls that you can implement to make sure you’re implementing that function within your organization.

So if you are looking at either assessing what your preparedness is for ransomware now, and you want to do sort of a gap analysis, that would be a good way to use that resource, or if you’re just not really sure what it takes to be prepared for a ransomware attack and you’re trying to get a feel for the types of controls you want to have in place, the types of communication channels as I mentioned before, that type of thing, the document works really well for that as.

This concludes Part 2 of Episode 1: Data Security and Ransomware Defense. This also concludes Episode 1 of the Cybersecurity Expert Series. Thank you very much for watching. Stay tuned for Episode 2, where we will have more insight from a new expert.

Discover more from NextLabs’ Expert Series, featuring industry experts in educational and thought-provoking conversations on Data-Centric Security, Zero Trust Architecture, Safeguarding AI, and more.
