As ransomware attacks become more sophisticated and damaging, resources from the Federal government are providing guidance on how to combat attacks, reduce attack surfaces, and speed recovery – government and private sector experts said during a May 3 webinar organized by MeriTalk and Cohesity.
Marisol Cruz Cain, Director for IT and Cybersecurity at the Government Accountability Office (GAO), and Steve Grewal, Strategic Federal Advisor at Cohesity, explained the top considerations for government and private sector organizations to improve incident response, restore data, and improve cyber resilience during the Achieving Cyber Resiliency: A Roadmap to Protect Agency High Value Assets webinar.
Not every agency has standardized ransomware guidance to turn to, but luckily, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) offers a lot of on-point information for just that purpose.
“There are several resources out there that offer best practices or information on ransomware prevention and response,” said Cruz Cain. “One of the best resources is CISA’s website: www.stopransomware.gov, and it includes a plethora of information for both ransomware prevention and response.”
One of the resources on the CISA website, Cruz Cain said, is a ransomware guide that includes a checklist for victimized organizations, and technical insights to minimize the chance of becoming a victim.
Among the steps in those guides that Cruz Cain highlighted:
- Implementing user training and phishing exercises to raise staff awareness on the risk of suspicious links and attachments;
- Prioritizing scanning and patching internet-facing devices while using multi-factor authentication;
- Securing and monitoring remote desktop protocol, making backups of data and testing them regularly; and
- Creating an incident response plan and executing on it regularly.
Grewal advised “first and foremost” for organizations to have “actionable, technically oriented plans that we test on a routine basis” when he discussed what agencies can do to prepare for breaches, and recover and restore operations.
“Then you have disaster recovery plans, [and] perhaps at an organizational level, business continuity plans that may become driven more by some of the personnel and physical security side,” he added.
Having well-defined policies and specific planned steps are paramount to improving incident response and recovery, both speakers agreed.
For the whole story, please view a complementary replay of the May 3 webinar.