NIST Ransomware Detection and Response Guide: Call for Comments
The National Cybersecurity Center of Excellence (NCCoE) has released, for public comment, a draft of the National Institute of Standards and Technology (NIST) Cybersecurity Special Publication, Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events.
The draft guide is particularly timely for MSSPs and MSPs — which remain prime targets for ransomware and other types of cyberattacks.
The document is intended as a best practice guide for those charged with protecting their organizations’ privacy, data and security profile, such as executives, chief information security officers (CISOs), system administrators, and others who have a stake in safeguarding data, privacy, and overall operational security. The project aims to develop a reference design, using commercially available technologies, that will help various organizations implement stronger controls in a data security event and identify relevant tools and strategies for responders. Private sector vendors participating in the project include Cisco, Glasswall, Micro Focus, Semperis, Symantec and Tripwire, all of which have relevant capabilities or products.
The three-volume set includes an executive summary; a section on approach, architecture and security characteristics; and a document containing how-to guides. The complete set can be downloaded here. The practice guide informs organizations how to quickly detect and respond to data integrity attacks by implementing appropriate activities that immediately inform stakeholders.
In addition, the solution provides guidance on how to respond to the detected event, including deploying existing technologies that provide the following capabilities:
- Event detection
- Integrity monitoring
- Mitigation and containment
“Addressing these functions together enables organizations to have the necessary tools to act during a data integrity attack,” the NCCoE said.
NIST published version 1.1 of the Cybersecurity Framework in April 2018 to provide guidance on protecting and developing resiliency for critical infrastructure and other sectors.
Hackers, Ransomware, Malware Target MSPs
NIST’s efforts are particularly timely. MSPs and their various software platforms remain prime targets for ransomware and other types of attacks. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
To get ahead of the cyber threat, MSSP Alert and ChannelE2E have recommended that readers:
- Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
- Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
- Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
- Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
- Continue to attend channel-related conferences, but also attend major cybersecurity events, particularly RSA Conference, Black Hat, Amazon AWS re:Inforce, and PerchyCon 2020.