Ransomware Defense Guidance Risks Hang-Ups Under Many Steps – Cybersecurity Dive

Small and mid-sized businesses don’t typically have the resources to meet every safeguard. But every action, however small, helps.
Balancing prescriptive and prospective guidance in the battle against ransomware is difficult for large enterprises and often even more so for their smaller counterparts. 
Two of the report’s authors — Megan Stifel, chief strategy officer at the Institute for Security and Technology, and Valecia Stocchetti, senior cybersecurity engineer at the Center for Internet Security — said every little bit helps. 
“It’s easy for [SMBs] to become overwhelmed when implementing a security framework. Starting small is the key,” Stifel and Stocchetti said via email.
Organizations should, as a baseline, establish and maintain an inventory of all assets and accounts, then grow defenses at a pace that takes available resources and appropriate needs into account, according to the Blueprint for Ransomware Defense published by the Institute for Security and Technology. 
The 40 safeguards, including 14 deemed foundational and 26 described as actionable, were selected for their effectiveness in defending against ransomware attacks. 
The foundational guidance involves procedural steps to identify, protect, respond and recover from ransomware. This includes the establishment of programs for vulnerability management, security awareness, incident reporting, configurations and the granting or revoking of access.
Communicating best practices, even the less complicated actions that can bolster cybersecurity, remains troublesome across every level of responsibility in governments, enterprises, SMBs and individuals.
Software updates, improved password management and multifactor authentication are relatively straightforward tasks that need to be explained in ways that people and organizations don’t find too complicated, too confusing or too technical, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said in June at the RSA Conference.
These responsibilities fall on all of us, akin to how individuals participate in their own physical defense by default, such as looking both ways before crossing a busy street, National Cyber Director Chris Inglis said on a panel with Easterly at the conference.
“We’ve made it seem like it’s harder to do than it is,” he said.