U.S. Government Launches Ransomware Resource Website

The number of ransomware attacks in the US has more than doubled in the last twelve months according to SonicWall’s 2021 cybersecurity report. Not only has there been a dramatic increase in the number of ransomware attacks but the ransom amounts being asked by cyber criminals has dramatically increased as well. To make matters even more dire, a recent survey of over 5,400 IT decision makers found that 54% say cyberattacks are now too advanced for their IT Team to handle on their own.

Late last year, the U.S. Treasury issued a warning to US corporations that opt to pay their attackers citing that those corporations may be subject to sanctions against them by paying ransoms to malicious actors in countries that have US embargoes against them. The continued escalation of ransomware attacks on US corporations has now prompted the U.S. Government to create a website in an attempt to educate corporations on how to reduce the risk of ransomware.

As you read through the newly issued Ransomware Guide, it becomes clear that only a few recommendations are related to the logging or detection of activity while the majority of the items listed are preventative steps organizations should take to prevent attacks in the first place, or at least significantly reduce their impact. Below are some highlights:

1. 1. 1. 1. Maintain Backups
         2. Create, Maintain and Exercise a basic cyber incident response plan
         3. Conduct Vulnerability Management
         4. Regular patching hardware and software
         5. Employ best practices for high risk protocols (RDP, SMB, etc)
         6. Implement a Cybersecurity user awareness and training program
         7. Properly implement and configure email security gateway
         8. Disable macro use
         9. Ensure Anti-Virus/Malware signatures are up to date
         10. Software/Application management
         11. (Detect) Consider implementing intrusion detection system
         12. Employ MFA/2FA
         13. Apply policy of least privilege
         14. Make proper use of protected user groups in AD
         15. Audit user accounts
         16. Properly harden cloud environments
         17. Develop and regularly update comprehensive network diagram
         18. Employ proper network segmentation
         19. Inventory and control network assets

The list goes on. The key point for organizations to realize is that “detection” is only a small component of what is required to “prevent” cybersecurity attacks. The very nature of detecting a cybersecurity attack is to provide an alert that an an attack has already occurred! The focus for organizations should be to prevent the cybersecurity attack in the first place. Despite this fact, many organizations continue to focus a disproportional amount of time, money and resources on cybersecurity solutions and providers that are almost entirely focused on detection efforts.

Zyston understands the importance of preventative actions and leverages a comprehensive XDR (prevent, manage, detect, and respond) cybersecurity model that goes beyond the alert to assure results, strengthen systems and reduce the probability of future attacks.  Start looking beyond the alert and take Zyston’s CyberCast Assessment to better understand how vulnerable your organization is to a cyberattack.

Long live PREVENT!