President Joe Biden sent out a memo building on the Cybersecurity Executive Order. As stated in the memo, the number and size of ransomware incidents have significantly increased. Security of both private and public sector infrastructure remains a top priority. Under Biden’s leadership, the Federal Government will be working with partners around the globe to disrupt and deter ransomware threat actors by “disrupting ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing cohesive and consistent policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds,” according to Biden’s memo.
As highlighted, even within the private sector, no organization large or small is safe from these nefarious attacks. This means the private sector has a critical role to play in protecting itself and consumers against ransomware threats. Biden’s memo is urging companies to view ransomware as a threat to their core business operations rather than just as a risk of data theft.
Understanding the risks involved in cybercrime starts with two things: a comprehensive cybersecurity strategy to detect and mitigate threats as they occur, and a contingency plan to respond to cyber incidents. Key stakeholders within an organization should discuss the increasingly common risk of ransomware and other threats and evaluate their current corporate security posture against these recommendations.
Implement the five best practices from President Biden’s Executive Order:
- Multi-factor authentication (MFA) — We recommend using MFA and prioritizing an authenticator application (like Google Authenticator or Microsoft Authenticator) over SMS (text message). Along with other controls, our NIST/Cybersecurity Framework assessment can help organizations identify missing or partially implemented controls and prioritize improvements.
- Endpoint detection and response (EDR) — Our Managed Detection and Response (MDR) service provides endpoint detection, response, and threat hunting across all endpoints, as well as strong next-generation threat prevention that outperforms traditional antivirus.
- Encryption — We recommend using encryption to secure digital assets in transit and at rest. Encryption can protect sensitive information by using algorithms to scramble or code sensitive information, making it readable only with a decryption key. Our Application and System Architecture Reviews have helped many customers identify gaps such as missing encryption.
- Employment of a skilled security team — While a good recommendation, this remains challenging for most organizations. Through our MDR service, our security operations center (SOC) acts as an extension of your internal team, monitoring and hunting for threats 24/7 and combining artificial intelligence with our expert analysts.
- The sharing and incorporation of threat information in your defense — Through our MDR and Incident Response (IR) services, our analysts apply their expertise to analyze a client’s environment and uncover previously unknown threats. Threat intelligence is collected from these investigations and combined with our network of sensors and intelligence from public and private sector partnerships. Our clients receive the benefit of threat intel sharing through our fully managed services and threat briefing.
Back up your data, system images, and configurations. Test them regularly and keep the backups offline.
- As a best practice, store all backups off-site, away from your existing infrastructure. All backups should always be encrypted to protect your data from theft and other forms of extortion in the event attackers gain unauthorized access to your network. Pondurance is able to assist with Business Continuity Planning and Review along with Incident Response Planning.
Update and patch systems promptly.
- Many organizations struggle to keep up with the latest vulnerabilities and lack a sense of what to patch first. Our Vulnerability Management Program provides guided recommendations tailored to patch and remediate cybersecurity risks across applications and infrastructure.
Test your incident response plan.
- Our Red Teaming and Security Incident Response Planning services ensure that our clients are prepared in the event of an incident. They accelerate the time it takes to investigate and contain an incident, determine exposure through forensic analysis, and restore operations.
Check your security team’s work. Use a pen tester.
- Our Penetration Testers and Red Teamers perform focused testing to exploit vulnerabilities and penetrate systems to mirror the behavior of a real-world attacker, providing you with guided recommendations on how to harden these gaps.
Segment your networks.
- Our Application and System Architecture Reviews help customers understand the gaps in their network design and segmentation strategy, keeping corporate business functions and other operations separated. At the same time, we know that organizations must maintain 360-degree visibility across all connected devices. Our MDR service eliminates blind spots along with actively monitoring these assets on a 24/7 basis. This includes monitoring protected or quarantined segments for anomalous and malicious IP traffic patterns.
Ransomware has disrupted numerous organizations, especially amid the COVID-19 pandemic. Healthcare is especially vulnerable to ransomware, and we will continue to see an uptick in attacks in this industry. Hospital networks and medical devices that require an internet connection to improve and monitor patient care are particularly vulnerable to downtime caused by ransomware. The financial impact of ransomware attacks is multifaceted. The rising costs of these attacks include business disruption, revenue loss, exposure of protected health information (PHI), fines and HIPAA violations, and ransomware negotiations.
Pondurance offers a comprehensive suite of cybersecurity solutions that can provide your organization with pre-incident, incident, and post-incident strategies that can elevate your cybersecurity maturity model to protect you from today’s and tomorrow’s cyber threats. Recognized by Gartner, Pondurance provides 24/7 U.S.-based Security Operations Center (SOC) services powered by analysts, threat hunters, and incident responders who utilize our advanced cloud-native platform to provide organizations with continuous cyber risk reduction. Learn more about our MDR services in our guide: 5 Things to Consider When Choosing an MDR Provider.