
DHS CISA Shares Best Practice Ransomware Guide, Telework Toolkit

Two recent releases from DHS CISA detail best practice guidance for ransomware and other threats, as well as a toolkit for transitioning into a secure, permanent telework environment.


By Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency recently released a pair of insights. The first outlines best practice guidance for ransomware and other threats, while the other provides a toolkit to help organizations transition into a secure telework environment.

The ransomware guide was drafted in collaboration with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and details practices organizations need to continuously undertake to manage the risk posed by ransomware and other cyber threats. 

The guide contains actionable best practice prevention methods, along with a ransomware checklist meant to be included in the enterprise incident response plan. The release comes on the heels of a CISA alert on the resurgence of Emotet malware, which is frequently used to deliver ransomware. 

“Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks,” according to the guide. “These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations.” 

“The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small,” they added. 

Particularly in healthcare, ransomware has continued to dominate the threat landscape. And as resources remain strained amid the pandemic response, reviewing available resources and applying applicable recommendations can strengthen an organization’s cyber posture. 

The guidance outlines recommended preparations, including backups and a basic cyber incident response plan that covers notification procedures for ransomware incidents.

Enterprises can also find insights on the techniques and vulnerabilities leveraged by hackers to deploy the ransomware payload, including internet-facing vulnerabilities and misconfiguration errors, phishing attacks, malware infections, and third-party vendors and managed service providers. 

The guide contains step-by-step techniques to harden defenses and general best practices, as well as a checklist for responding to a suspected ransomware attack. Organizations can also find contact information for federal asset response. 

Healthcare entities can also review ransomware guidance from Microsoft, NIST, and the Office for Civil Rights to better understand the disruptive threat, as recent reports show healthcare remains the prime target for hackers.

Telework Guide 

The telework toolkit was released a few days prior to the ransomware insights and provides three personalized modules for executive leaders, IT professionals, and teleworkers. 

While COVID-19 fraud and phishing attempts have declined from the initial spike at the start of the crisis, credential theft and other threats, like ransomware, continue to pummel the healthcare sector, which makes it imperative to secure the remote workforce.

The toolkit contains directives for executives tasked with leading cybersecurity strategies, investments, and culture across the enterprise. Leaders can find insights into drafting organizational policies and procedures, cybersecurity training requirements, shifting organizational assets to support telework, and building a secure, hybrid cyber culture. 

IT professionals will find insights related to the development of security awareness and vigilance, such as patching and vulnerability management, as well as the need to implement multi-factor authentication, enterprise cybersecurity controls, and organizationally approved products. 

There are also directives for teleworkers to develop home network security awareness and vigilance, which includes properly configuring and hardening the home network, opening email attachments, and communicating suspicious activities. 

As insiders remain one of the biggest vulnerabilities to the enterprise, ensuring employees understand security needs and enterprise expectations can protect organizations from falling victim to bigger attacks. Healthcare organizations can also review OCR guidance on managing the threat of employees with malicious intent.