Task Force Gives SMBs Blueprint to Defend Against Ransomware

Small and medium-sized businesses (SMBs) have an opportunity to protect themselves against the scourge of ransomware by following guidance offered by the Blueprint for Ransomware Defense released by the Ransomware Task Force (RTF) from the Institute for Security and Technology (IST).

A sizable number of cyberattacks (43%) “target small businesses, but only 14% are prepared to defend themselves,” the task force noted, citing Accenture’s 2019 Cost of Cybercrime Study.

The recommendations come as ransomware techniques have expanded over the last few years. “Previously, only certain groups would have the capability to perform advanced attacks that leverage zero-days within days of release,” said Matthew Warner, CTO and co-founder at Blumira. “Now we see ransomware operators either buying or identifying their own zero-days or leveraging zero-days as soon as possible within their campaigns.”

Indeed, ransomware “has become a key fixture of cybercrime as we continue to move toward a post-COVID-19 world,” said Alex Ondrick, director of security operations at BreachQuest. “The rise of automation and distributed ‘as-a-service’ operations allow both businesses and ransomware operators to work remotely and to distribute their workload. An increasingly decentralized ransomware threat landscape has created an opportunity for more ransomware-as-a-service (RaaS) attackers, and more ransomware attacks.”

SMB Safeguards

The task force’s blueprint provides 40 of what the IST called “actionable and achievable safeguards” based on Center for Internet Security Critical Security Controls (CIS Controls) v8. They are intended as recommendations of defensive actions that SMBs can take to guard against and respond to ransomware as well as other cyberattacks.

“These safeguards represent a minimum standard of information security for all enterprises and are what should be applied to defend against the most common attacks,” the task force said.

The defensive actions recommended are divided into two groups—foundational and actionable—and include controls around enterprise asset and software inventory management, vulnerability management, malware defense, training, data recovery and incident response.

For instance, the group placed a premium on organizations identifying what’s on their networks in terms of technology in use and data that is being stored or transmitted. The blueprint said that it is foundational for SMBs to “establish and maintain enterprise asset and software inventories to better manage all connected devices and implement data management processes that clearly outline the collection, use and storage of data. Activities also include establishing and maintaining an inventory of accounts including regular user accounts and those with elevated privileges.”

But effective security also means taking additional actions, so the blueprint’s 26 actionable safeguards build on the foundational items. These “are all about applying the technical controls needed to protect an enterprise’s environment,” the task force wrote. “Following on from the Foundational Safeguards in Identify that established knowledge about the devices and data in the SMEs environment, the Blueprint’s Actionable Safeguard within the Identify category requires SMEs to ensure that they are always using authorized and the most up-to-date software available across their enterprise assets.”

Vulnerabilities Remain a Top Ransomware Vector

Because threat actors “continuously scan networks to exploit vulnerable versions of software,” vulnerabilities continue to be a top initial attack vector “for ransomware attacks so keeping software up to date and auditing that list of software frequently will help to reduce the risk of exploitation,” the report said.

“To protect against ransomware or to prevent the leakage of sensitive data, all organizations should invest in encrypting their sensitive data at rest, and preferably with unique encryption keys per file or object,” said Scott Bledsoe, CEO at Theon Technology. “With granular encryption of data at rest, the compromise of a single encryption key will only result in a single item of information being disclosed and will prevent large-scale disclosure of sensitive information.”

The safeguards included in the blueprint are aligned with NIST’s Cybersecurity Framework—identify, protect, detect, respond and recover. “Grouping actions by these functions can help SMEs better understand their risks, the steps needed to protect their enterprise from that risk, the tools that can be used to find and detect risks and the solutions available to contain and remediate threats as quickly as possible,” the task force working group noted.

“The Blueprint’s publication culminates many months of collaborative work and reflects one of the multiple ongoing efforts to implement the task force’s recommendations,” Megan Stifel, co-chair of the RTF and chief strategy officer at the IST, said in a statement. “We urge all organizations, and especially SMEs, to review this guidance and take action to reduce their ransomware risk. Together, we can bolster collective resilience to this threat.”


Teri Robinson

From the time she was 10 years old and her father gave her an electric typewriter for Christmas, Teri Robinson knew she wanted to be a writer. What she didn’t know is how the path from graduate school at LSU, where she earned a Masters degree in Journalism, would lead her on a decades-long journey from her native Louisiana to Washington, D.C. and eventually to New York City where she established a thriving practice as a writer, editor, content specialist and consultant, covering cybersecurity, business and technology, finance, regulatory, policy and customer service, among other topics; contributed to a book on the first year of motherhood; penned award-winning screenplays; and filmed a series of short movies. Most recently, as the executive editor of SC Media, Teri helped transform a 30-year-old, well-respected brand into a digital powerhouse that delivers thought leadership, high-impact journalism and the most relevant, actionable information to an audience of cybersecurity professionals, policymakers and practitioners.
