New NIST Guidance: How Does It Help Against Cybercriminals?

The National Institute of Standards and Technology (NIST) recently published new draft guidance to help organizations defend against, manage, and recover from a ransomware attack.

The draft guidance, The Cybersecurity Framework Profile for Ransomware Risk Management, is intended to be used with the NIST Cybersecurity Framework as well as other guidance from NIST, the Department of Homeland Security, and the Federal Bureau of Investigation. Organizations can use the draft guidance to improve their risk postures or implement a risk management framework that includes addressing ransomware. Planning can also help organizations that fall victim to a ransomware attack recover more quickly.

A revised copy of the draft guidance will be released based on feedback received before July 09, 2021. A second commentary period will occur before the final document is published.

Sarah Coble, "NIST Publishes Ransomware Guidance," infosecurity-magazine.com (Jun. 22, 2021).


 

Commentary

NIST's new draft ransomware guidance recommends that organizations do the following:

  • Keep computers fully patched
  • Install antivirus software
  • Block access to sites known to contain ransomware
  • Only allow the use of authorized apps
  • Conduct automatic scans of emails and flash drives
  • Restrict the use of personal devices
  • Limit accounts with administrative privileges
  • Prohibit personal apps
  • Provide security awareness training to employees to teach them about the danger of opening files or clicking on links in emails sent from an unknown source
  • Develop an incident recovery plan and a comprehensive backup and restoration strategy
  • Maintain an up-to-date list of internal and external ransomware attack contacts