NIST Shares Draft Guides on Ransomware, Data Integrity Attacks
A pair of draft guides from NIST National Cybersecurity Center of Excellence shed light on ways organizations can better detect, respond, and mitigate ransomware and data integrity attacks.
By - NIST National Cybersecurity Center of Excellence (NCCoE) recently released a pair of draft ransomware guides designed to help organizations detect and respond to the threat, as well as ways to identify threats and protect assets from data integrity cyberattacks.
Industry stakeholders can provide comment through February 26.
Identifying and Protecting Assets Against Ransomware and Other Destructive Events and Detecting and Responding to Ransomware and Other Destructive Event are directed to executives, chief information security officers, system administrators, or those tasked with protecting the enterprise privacy and security.
“Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to an organization’s infrastructure,” NCCoE explained. “Database records, system files, configurations, user files, applications, and customer data are all at risk should an attack occur.”
“Organizations that do not implement identification and protection solutions leave themselves at risk for many types of data integrity attacks,” they added. “Multiple systems need to work together to identify and protect an organization’s assets against the threat of corruption, modification, and destruction.”
To NIST, assets can be protected through secure storage, backup capabilities, log collection, vulnerability management, asset inventory, and file checking mechanisms.
The first guide sheds light on method organizations can use to identify assets that could be targeted by hackers, as well as protection methods. The draft compromises three volumes, including an executive summary; approach, architecture, and security characteristics; and how-to guides.
Organizations can leverage the tool to effectively identify its assets and vulnerabilities, then work to create a baseline for the integrity and activity of systems to prepare for a potential cyberattack. Further, NIST outlines ways to manage enterprise health by assessing machine posture.
The second guide sheds light on the approach, architecture, security analysis, and future build considerations organizations should leverage when looking to detect and respond to ransomware and other destructive security events.
It’s designed to help organizations detect malicious activity on the network and mitigate and contain security events. NIST also sheds light on recommended network monitoring and detection efforts, logging and reporting features to improve response time to security events, analyzing the scope of an attack on the network, devices, and data, and assessing events to improve an enterprise’s defenses.
“Thorough collection of quantitative and qualitative data is important to organizations of all types and sizes,” researchers wrote. “It can impact all aspects of a business… Some organizations have experienced systemic attacks that caused a temporary cessation of operations.
“When data integrity events occur, organizations should have the capabilities to detect and respond in real time,” they added. “Early detection and mitigation can reduce the potential impact of events, including damage to enterprise files, infection of systems, and account compromise.”
To NIST, it’s imperative organizations are able to learn from previous data integrity attacks, which can reveal flaws across the enterprise. Both guides build upon the NIST Cybersecurity Framework.
The guides join a host of other resources healthcare organizations should leverage to shore up their defenses, including those from the Department of Homeland Security and Microsoft.
