Welcome to #RansomwareWeek on the (ISC)² Blog. Ransomware attacks are receiving increased exposure in global news coverage with recent high-profile incidents at SolarWinds and Colonial Pipeline. These events have prompted many companies who previously may have felt secure in their practices to take a deeper look at their security measures and engage in deeper conversations surrounding threat management, cybercriminals, and cybersecurity training. This week we’ll be providing content resources that may be helpful to you, the reader, as your organization wrestles with ransomware prevention and remediation policies and best practices.
As the first item in this week’s coverage, the massive Colonial Pipeline attack has served as a wake-up call about the dangers of ransomware, compelling the U.S. Department of Justice to give ransomware investigations a designation similar to terrorism.
Giving this level of priority to ransomware underscores how these attacks have become one of the most clear and present cybersecurity threats that organizations are facing. On the heels of the pipeline hack, a rash of other ransomware attacks has targeted victims such as meatpacking company JBS, Japanese conglomerate Fujifilm, the Washington, D.C. police, and the Massachusetts Steamship Authority.
As reported by Reuters, internal guidance from the Justice Department to U.S. attorneys’ offices throughout the country instructs them to coordinate information on ransomware investigations with a recently created taskforce in Washington.
“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principle associate deputy attorney general at the Justice Department.
Time for Action
The intensifying severity of cyberattacks, especially those involving ransomware, has prompted a clarion call for defensive action. In May, President Joe Biden issued an Executive Order instructing federal agencies to step up “efforts to identify, deter, protect against, detect, and respond to” cyber threats and adversaries.
The order requires federal agencies to adopt a number of security controls and best practices, including the implementation of Zero Trust policies and adoption of the National Institute of Standards and Technology (NIST) Framework. The order was prompted by the supply chain attack on SolarWinds in late 2020, which also affected federal and European Union agencies, as well as numerous private companies.
The Justice Department’s handling of ransomware as a terrorist threat and the President’s Executive Order are solid steps in addressing cyber threats, which arguably have become the biggest challenge faced by any organization with an Internet connection.
But government action only gets you so far. In every corner office and boardroom, there should be discussions and strategy sessions about how to handle the threat. Leadership in organizations large and small should be having conversations with cybersecurity teams to review security strategies and make sure best practices like multi-factor authentication and privileged access management are being employed or considered.
Together, they need to determine if the organization has all controls and practices in place to prevent a breach. And if one occurs, they should be prepared to respond swiftly and effectively in order to limit the damage and prevent the types of disruptions that occurred with the Colonial Pipeline and Massachusetts Steamship Authority hacks.
For their part, cybersecurity teams should approach leadership to make sure the discussions take place. Leadership needs to understand their organization’s unique risk profile and receive assurances that all needed security controls are in place. And if they aren’t, to understand what it will take to fortify their defenses and avoid becoming the next high-profile victim.
The post U.S. Government Equates Threat of Ransomware with Terrorism | #RansomwareWeek appeared first on Cybersecurity Insiders.
June 21, 2021 at 09:15PM
0 comments:
Post a Comment