How to Manage Ransomware Risk: (NIST Framework Part 2: PROTECT)

Jed Fearon

Solution Advisor, 17+ years of experience in MSP Solution Development, Sales and Marketing Communications

Welcome to part two in a series of five blogs created to help you manage ransomware risk with the NIST framework.

NIST is short for National Institute of Standards and Technology. In a world of infinite hardware, software, and cloud options (and opinions), this non-regulatory agency and their Information Technology Laboratory (ITL) produce a never-ending and iterative catalog of compliance-friendly publications (blueprints) to guide your IT journey.

NIST’s technical leadership fuels the U.S. economy and public welfare with measurement and standards recommendations (based on extensive testing and analysis) to advance the development and productive use of information technology.

Why should this matter to you? NIST continuously develops management, administrative, technical, and physical standards, along with guidelines to inform and prioritize cost-effective security and privacy initiatives for your business.

They’re doing most of the heavy lifting, so you don’t have to! And your burden will be even lighter if you allow your MSP (and their vCIOs) to play a commanding role in guiding your journey.

The Ransomware Problem

As per NIST, “Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public.”

Learn More: NISTIR 8374 Draft

While managing risk always involves new budgetary considerations, your costs will be offset if your organization harnesses thoughtfully planned and architected technology to grow your business AND to avoid being torpedoed by ransomware attacks and legal episodes.

The outcomes you wish to avoid are almost always much more expensive than preventative measures!

Learn More: Ransomware Costs Besides the Ransom

NIST Framework Part 2: PROTECT

Your vCIO can illuminate the business impact each of the following has on your organization.

1 - Identity Management, Authentication, and Access Control

Access to your digital estate, including your physical locations, needs to be limited to authorized users.

Network connections are pipelines for infections. Everything is networked, making this digital transport the most popular conduit for ransomware infiltration.

A single compromised credential lets an intruder get inside your network and then pivot, with elevated privileges, into other areas while looking like an insider. Multi-Factor Authentication (MFA) is highly recommended.

Learn More: What is MFA?

2 - Awareness and Training

Teaching your employees to be “human firewalls” gives your organization tremendous leverage to align their operating routine with related policies, procedures, and cyber safeguards.

The term “human firewalls” is popular because 95% of data breaches are related to user behavior: reusing simple passwords, never changing passwords, clicking on random email links, etc.

Don’t let this tempt you to neglect the technical details. Just know that people are the weakest link, so be sure to embrace ongoing training, testing, and more training. (It’s not expensive either!)

Learn More: KnowBe4 Training Commercial

3 - Data Security

Data protection is based on the three security objectives of the Federal Information Security Modernization Act (FISMA): confidentiality, integrity, and availability.

This program includes verifying software, firmware, and information integrity to detect tampering activity by criminals who actively scan for updating gaps to insert malware (the launching mechanism for ransomware).

Learn More: FISMA Overview

4 - Information Protection Processes and Procedures

Security policies are assembled into a detailed playbook to manage and protect assets, organized by:

  • Purpose
  • Scope
  • Roles
  • Responsibilities
  • Management commitment
  • Organizational coordination

This category includes, but is not limited to, setting up functional baselines to assess the effect of potential threat deviations on performance, enforcing timely software updates, and maintaining security configuration settings.

It’s important to establish a cadence for scheduled response and recovery testing for ransomware episodes…and everything else that can go wrong.

Backups deserve special recognition for a reason: intruders will get in!

Every company has some lurking internal threat. Don’t worry. Your MSP can advise you on solutions that limit and prevent further damage at this stage. However, when all else fails, a solid, geographically diverse backup solution will save the day.

5 - Maintenance

Consistent maintenance and repairs, AKA the basic blocking and tackling of IT systems and related business equipment, seem like a foregone conclusion, but they don’t always happen.

Larger company IT departments and MSPs have remote monitoring and management tools that identify weak spots and cue up alerts for automated updating and replacements when warranted.

Remote services also include malware blocking. Remember, one of the best ways to reduce ransomware is to eliminate the software that allows it to take over your systems and encrypt your data.

6 - Protective Technology

The marketplace is loaded with email security and endpoint detection and response (EDR) solutions that defend your endpoints and fortify the resilience of your systems. Many employ machine learning and advanced AI.

You’ve probably heard of Proofpoint and SentinelOne. There are many other alternatives as well. Providers in this space can produce granular data (audit/log records) to track abnormal traffic, which allows your MSP to respond in real time and identify future hazards.

Learn More: SentinelOne

Adopting the principle of least functionality is equally significant. This guideline dictates that your team only has access to what they need to do their jobs. Nothing else. The governing idea is simplicity with the primary goal of stopping the lateral spread of malware once it’s on your network.

What’s Next?

As I mentioned in my first installment, I hope you get more comfortable with the NIST ransomware management basics.

The success of your mission hinges on business-enabling technology strategically planned to boost operations and minimize disruptions of any kind.

Related blogs covering the three other pillars of the NIST Framework (Detect, Respond, and Recover) are on the way.

If you enjoyed this article, you might also like some of the related content in our free eBook.