The US Cybersecurity and Infrastructure Security Agency (CISA) has shared guidance on how the government and private sector can prevent ransomware data breaches.
According to Bleeping Computer, CISA’s fact sheet contains best practices for preventing ransomware attacks and protecting sensitive information from exfiltration attempts.
The agency has encouraged at-risk organisations to implement the recommendations shared in the fact sheet, which include maintaining offline, encrypted backups of data and regularly testing those backups.
Organisations can create, maintain and exercise a basic cyber incident response plan, resiliency plan and associated communications plan. They can also mitigate internet-facing vulnerabilities and misconfigurations to reduce the attack vector.
CISA also suggested that organisations can reduce the risk of phishing emails reaching end users by enabling strong spam filters and implementing user awareness and training programs. Government and private sector organisations can also practise good cyber hygiene, such as using up-to-date anti-malware solutions, and limit the number of privileged accounts.
To block ransomware gangs from gaining access to sensitive or personal customer and employee information, CISA recommends that organisations implement cybersecurity best practices such as not storing sensitive data on internet-exposed devices and using firewalls. Organisations should also ensure that their cyber incident response and communications plans include response and notification procedures for data breach incidents.
CISA commented, “Ransomware is a serious and increasing threat to all government and private sector organizations, including critical infrastructure organizations. All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems.”
A mid-year report by internet security company SonicWall recently found that the number of ransomware attacks in H1 2021 had already exceeded the total for the entire year of 2020, climbing 151% to reach 304.7m.
Copyright © 2021 RegTech Analyst