CISA Guidance Recommends Ways to Secure Data From Aggressive Ransomware Actors
The Cybersecurity and Infrastructure Security Agency has released new guidance to help organizations protect sensitive and personal information from ransomware-caused data breaches.
The guidance recognizes the shift in ransomware tactics, with malicious actors abandoning their previous passive approach of rendering devices unusable until the ransom is paid. Now, attackers threaten to sell or leak sensitive data they have gained access to.
According to CISA, all organizations are susceptible to ransomware attacks and are responsible for securing sensitive and personal data stored on their systems, Nextgov reported.
The first section of the guidance is focused on prevention. CISA recommends maintaining offline, encrypted backups of data and regularly testing backups; adopting a basic cyber incident response plan, resiliency plan and associated communications plan; and practicing good hygiene such as employing multi-factor authentication and updating antivirus and anti-malware software.
Secondly, CISA offers tips to protect data. Organizations are advised to keep track of the sensitive information they have and who can access it. It is also suggested that organizations implement physical security best practices from the Federal Trade Commission and cybersecurity best practices like setting up firewalls and applying network segmentation.
The last section of the guidance is about responding to data breaches. CISA said it is best to isolate and triage impacted systems to secure network operations and prevent additional data loss. The agency also recommends requesting assistance from a reputable third-party incident response provider with experience in data breaches.