NIST Releases Draft of Ransomware Risk Management Framework

June 17, 2021 - In a preliminary draft the National Institute of Standards and Technology (NIST) released its “Cybersecurity Framework Profile for Ransomware Risk Management,” which aims to assist organizations in preventing, responding to, recovering from, and managing risk of ransomware attacks.

The draft is open for comments through July 9th and will have at least one more comment period before it is officially published. The Ransomware Profile contains detailed steps an organization can take to reduce risk levels and prevent ransomware attacks.

NIST identifies some essential first steps to ensuring cybersecurity: using antivirus software, allowing only authorized apps, keeping computers patched, blocking access to known ransomware sites, and restricting personal devices on work networks.

In addition, NIST recommends that organizations take preventative measures so they are prepared in the event of a ransomware attack, including backing up data and making an incident recovery plan.

All recommendations outlined in the framework profile are meant to be used in conjunction with the NIST Cybersecurity Framework and NIST’s other specific resources that provide guidance on patching software, improving telework device security, and more.

The detailed Ransomware Profile is split into five categories, informed by the Cybersecurity Framework: identify, protect, detect, respond, and recover. Each category of the profile also contains subcategories with more specialized references that organizations can consult, along with a ransomware application section that explains how each subcategory can help to prevent and respond to ransomware attacks.

The first category, “identify,” involves developing an organization-wide understanding of cybersecurity risks. Essentially, this category is the foundation on which the rest of the cybersecurity measures are built.

“Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs,” the Ransomware Profile explained.

The “protect” category involves implementing security systems and safeguards that prevent the disruption of critical services. The profile recommends proper credential management and network segmentation.

In the “detect” category, the Ransomware Profile outlines what to look out for with early detection of ransomware events. It recommends monitoring personnel activity and keeping detailed records and conducting audits to get ahead of suspicious activity.

Finally, the “respond” and “recover” categories provide guidelines for reporting a ransomware attack and recovering trust with stakeholders after an attack.

Recently, NIST also released a draft regarding the use of mobile device biometrics as an authentication method for first responders. The draft addressed potential security challenges they may come across in deploying biometric authentication systems.

These recommendations come at a time when the healthcare sector has been particularly vulnerable to ransomware attacks. A recent CaptureRx data breach affected at least 17 healthcare organizations, and health data from over a million patients was exposed. Other data breaches continue to force EHR systems into downtime and delay patient care.