CISA, the FBI, NSA, the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre released a Joint Cybersecurity Advisory highlighting a rise in ransomware incidents against critical infrastructure organizations in 2021. The incidents it describes are sophisticated and high-impact.
The advisory lists 18 mitigation steps 😬 (included below for reference). I can think of additional items that aren’t on this list. And many of these 18 items are not simple fixes. This is why ransomware is so challenging for most organizations to prevent. Want to ensure you’re able to keep ransomware out of your environment? Ask about our ransomware prevention assessment.
- Keep all operating systems and software up to date
- If you use RDP or other potentially risky services, secure and monitor them closely
- Implement a user training program and phishing exercises
- Require MFA
- Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to have strong, unique passwords
- If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth
- Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud
- Segment networks
- Implement end-to-end encryption
- Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network-monitoring tool
- Document external remote connections
- Implement time-based access for privileged accounts
- Enforce principle of least privilege through authorization policies
- Reduce credential exposure
- Disable unneeded command-line utilities; constrain scripting activities and permissions, and monitor their usage
- Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration
- Ensure all backup data is encrypted
- Collect telemetry from cloud environments
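Several of the items above (secure and monitor RDP closely, detect abnormal activity, collect telemetry) only pay off if someone actually looks at the resulting events. As an added illustration that is not part of the advisory or this post, here is a small Python detector run over constructed Windows Security log records: it flags a source that generates repeated failed RDP logons within a short window, and separately flags a later successful RDP logon from that same source, which is the finding worth investigating first. The event field names and IDs are the standard Security log ones (4625 failed logon, 4624 successful logon, LogonType 10 = RemoteInteractive); the threshold, window, IP addresses and user names are assumptions chosen for the example.

```python
"""Added example (not from the advisory or the post): a minimal detector for
abnormal RDP logon activity, run over constructed Windows Security event
records. Covers two listed mitigations: monitoring RDP closely and detecting
abnormal activity from collected telemetry.

Assumed input shape: one dict per event carrying the standard Security log
fields EventID (4625 = failed logon, 4624 = successful logon), LogonType
(10 = RemoteInteractive, i.e. RDP), IpAddress, TargetUserName, and an
ISO-8601 TimeCreated string. The threshold and window are illustrative.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = "10"
FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"


def find_rdp_anomalies(events, threshold=5, window=timedelta(minutes=5)):
    """Return a list of findings, in timestamp order.

    - 'brute_force': a source IP produced >= threshold failed RDP logons
      within `window` (reported once per source).
    - 'success_after_failures': a successful RDP logon from a source that
      was already flagged, i.e. the case to escalate first.
    """
    findings = []
    recent_failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev.get("LogonType") != RDP_LOGON_TYPE:
            continue  # only RemoteInteractive (RDP) logons are in scope here
        ts = datetime.fromisoformat(ev["TimeCreated"])
        ip = ev.get("IpAddress", "-")
        if ev["EventID"] == FAILED_LOGON:
            q = recent_failures[ip]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings.append({"type": "brute_force", "ip": ip,
                                 "count": len(q), "at": ev["TimeCreated"]})
        elif ev["EventID"] == SUCCESS_LOGON and ip in flagged:
            findings.append({"type": "success_after_failures", "ip": ip,
                             "user": ev.get("TargetUserName"),
                             "at": ev["TimeCreated"]})
    return findings


def sample_events():
    """Constructed sample telemetry (not real data): six failures from
    203.0.113.5 within two minutes, then a success from the same source as
    'svc-backup'; one stray failure from 198.51.100.7; one console logon."""
    base = datetime(2021, 11, 1, 3, 0, 0)

    def ev(event_id, logon_type, ip, user, offset):
        return {"EventID": event_id, "LogonType": logon_type, "IpAddress": ip,
                "TargetUserName": user,
                "TimeCreated": (base + offset).isoformat()}

    events = [ev(FAILED_LOGON, RDP_LOGON_TYPE, "203.0.113.5", "administrator",
                 timedelta(seconds=20 * i)) for i in range(6)]
    events.append(ev(FAILED_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "jdoe",
                     timedelta(minutes=1)))
    events.append(ev(SUCCESS_LOGON, RDP_LOGON_TYPE, "203.0.113.5", "svc-backup",
                     timedelta(minutes=3)))
    # LogonType 2 is an interactive console logon; the detector ignores it.
    events.append(ev(SUCCESS_LOGON, "2", "-", "jdoe", timedelta(minutes=4)))
    return events


if __name__ == "__main__":
    for finding in find_rdp_anomalies(sample_events()):
        print(finding)
```

Run against the constructed sample it reports one `brute_force` finding for 203.0.113.5 (at the fifth failure) followed by one `success_after_failures` finding for the `svc-backup` logon; the single failure from 198.51.100.7 and the console logon produce nothing. In a real deployment the same logic would sit in the SIEM, fed by the telemetry collection the advisory calls for, with the threshold tuned to the environment's normal failure rate.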
Geoff Wilson is an innovative cybersecurity thought leader with deep experience in defensive cybersecurity strategies. Having studied at Carnegie Mellon University and trained at the National Security Agency, Geoff brings 17 years of cybersecurity experience to your organization.
In his many cybersecurity roles, Geoff has been an IT Auditor, Penetration Tester, Risk Assessor, Forensic Analyst, SOC Engineer, Information Security Officer, Software Developer, Author, University Professor, and Consultant.
Geoff is a business leader, having founded Go Security Pro in early 2019 with his co-founder Susan Wilson. Geoff regularly speaks at conferences, presents to executive leadership and boards, and can get into the technical weeds with IT professionals.
Geoff treats every engagement as a knowledge transfer opportunity and every client with the utmost care. He is ready to assist you with your cybersecurity challenges.