Enhancing ransomware safety guidelines may encounter obstacles due to its complexity and numerous steps involved
In an effort to help small- to medium-sized businesses (SMBs) better navigate the complex world of cyber threats, the Institute for Security and Technology has published a new report titled "Blueprint for Ransomware Defense". However, the report's authors, Megan Stifel and Valecia Stocchetti, have not revealed their identities in the published document.
The report, which includes 40 safeguards, is a curated subset of the guidance in the Center for Internet Security's critical security controls. The authors suggest that any actions taken, full or partial, represent a step in the right direction. Balancing prescriptive and prospective guidance in the battle against ransomware is challenging, especially for smaller organizations, but the report aims to provide practical, easy-to-understand advice.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, emphasized this point at the RSA Conference in June, stating the need to explain these tasks in ways that are not too complicated, confusing, or technical. The report follows this philosophy, offering foundational guidance that involves procedural steps for vulnerability management, security awareness, incident reporting, configurations, and access management.
National Cyber Director Chris Inglis compared these cybersecurity responsibilities to individual physical defense, such as looking both ways before crossing a busy street. He also stated that we have made cybersecurity seem harder to do than it is.
The report acknowledges that not every organization can implement every safeguard immediately. It suggests that starting small is the key when implementing a security framework for SMBs. Some relatively straightforward tasks to bolster cybersecurity include software updates, improved password management, and multifactor authentication. The report also advises organizations to establish and maintain an inventory of all assets and accounts, and to grow defenses at a pace that takes available resources and appropriate needs into account.
The 40 safeguards, including 14 foundational and 26 actionable, have been selected for their effectiveness in defending against ransomware attacks. The authors of the report believe that these measures, if implemented diligently, can significantly reduce the risk of a ransomware attack for SMBs.
In conclusion, the "Blueprint for Ransomware Defense" offers a practical, easy-to-understand guide for small- to medium-sized businesses to navigate the complex world of cyber threats. By following the advice provided in the report, SMBs can take significant steps towards protecting their assets and data from ransomware attacks.
