Stop Ransomware in Denver with CISA’s New Ransomware Self-Assessment Tool

Ransomware attacks are some of the most well-known and devastating attacks in today’s cybersecurity landscape. It seems that no one can go online today without reading about a new ransomware attack wreaking havoc on an organization. This epidemic is affecting businesses of all sizes and industries, and it shows no signs of slowing down. With ransomware attacks on high-profile businesses, organizations, and agencies making the headlines, business leaders  are constantly asking, ”Are we vulnerable as well?” and ”Are we going to be attacked next?” According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA):
“Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”
Cybercriminals are getting smarter and are finding new tactics to penetrate network defenses as technology advances. While there is a multitude of protective measures that can limit the risk, many business leaders are struggling with the scope of the problem and are turning to external resources for protection and guidance.

CISA Releases New Ransomware Readiness Assessment Tool

In response to the rapid growth in the number of successful ransomware attacks and an increase in the average ransom demands, the Cybersecurity and Infrastructure Security Agency (CISA) has released a ransomware component for its Cyber Security Evaluation Tool (CSET). The CISA’s Ransomware Readiness Assessment (RRA) tool has been designed to meet the needs of a Denver business or organization’s day-to-day operations and IT infrastructure, allowing them to determine how prepared they are to defend themselves against ransomware attacks, and recover from an attack when they become one of the next victims. The Ransomware Readiness Assessment tool provides a comprehensive evaluation process. “The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of Basic, Intermediate, and Advanced,” the Cybersecurity and Infrastructure Security Agency (CISA) said. Your organization’s path to improvement can be tailored to meet your organization’s unique objectives. Ransomware Readiness Assessment Stages
  • Basic: Should be executed by Denver businesses and organizations that do not have an understanding of ransomware and need to start protecting their operations by embracing the basic cyber defense protections against ransomware threats.
  • Intermediate: Should be adopted by the businesses and organizations that have already implemented the security measures from the basic stage. These organizations are looking to improve their defense and response to ransomware threats and attacks.
  • Advanced: The organizations that have adopted and implemented the best practices from the basic and intermediate stages and are looking to ramp up their risk posture against ransomware threats adopt the best practices in the advanced stage.

Backup Your Data

One of the first functions Denver organizations should try to fulfill to stop ransomware is testing and securing data backups. If your organization becomes the victim of a ransomware attack, you must have backups of your data. With secure data backups that are tested routinely, your organization will have the ability to restore its data should a ransomware attack occur. According to the Ransomware Readiness Assessment, organizations should conduct daily data backups to an offsite location. While data backups are essential to developing a solid response to ransomware, your data backups will not serve a purpose if they are not tested regularly. According to the RRA, organizations should test their data backups annually. To test your backup, it is recommended that you attempt to restore the data backup to a server and ensure that all of your data is transferred.

Monitor Your Networks

Continuous network monitoring will watch your network traffic for any malicious content. When malicious content is detected, your organization’s Incident Response team can detect threats and respond in the most appropriate manner. At the basic stage, your organization can deploy tools that can monitor your network traffic, so that if a ransomware attack does occur, it will be detected in real-time, paving the way for a swift response. After fulfilling the basic standards of cybersecurity best practices, your organization should begin monitoring its internal network traffic. Your organization should also ensure that its interior and exterior networks are properly segmented to protect your most critical assets. This process involves safeguarding sensitive data by storing it separately from your organization’s main network. If you want to take your security controls a step further, your organization can establish a measure of network activity to identify any activity that is out of the ordinary.

Manage Your Mission-Critical Assets

While it is critical to implement the best security controls to protect your organization’s IT infrastructure, your security controls will only be effective if you are aware of your mission-critical assets. At the most basic stage, your organization should know what assets you have. When conducting your inventory, it is recommended that you remove any hardware and applications that are no longer supported within your infrastructure. The assets that are no longer supported will typically be the most susceptible and can ultimately allow malicious actors to gain access to your network. After fulfilling the basic requirements, you should continuously monitor your network for hardware and software that you do not have listed in your inventory. The hardware that you need to monitor could be a device that makes it easy for malicious actors to enter your network. You should take immediate steps to remove any potentially dangerous hardware from your environment.

How Can I Protect My Denver Organization?

One of the steps to take on your journey to protecting your Denver organization is to reference the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Security Advisory Tool (CSET). CISA provides multiple areas for assessment that Denver organizations can review, prepare, and protect themselves from a ransomware attack. Here are some things that the Cyber Security Advisory Tool can do for your organization:
  • Provide a consistent means of evaluating a control system network as part of a comprehensive cybersecurity assessment
  • Report using standards-based information analysis
  • Specify cybersecurity recommendations
  • Provide a baseline cybersecurity posture
To understand your Denver organization’s ransomware readiness, you can take the Ransomware Readiness Assessment. This ransomware self-assessment will allow you to examine its readiness. After completing the assessment, the tool will produce a report so that your organization can understand how prepared it is for a ransomware attack. However, no matter how prepared you are, cybersecurity incidents can and do happen. Understanding the vulnerabilities in your organization’s cybersecurity processes and procedures is critical to aid in your organization’s protection from ransomware. Initial.IT can help you identify any gaps and vulnerabilities in your protection strategy, as well as implement effective security practices. Initial.IT offers a comprehensive portfolio of services and solutions to help organizations respond to ransomware threats and prevent threats and attacks from occurring in the future. Contact us today to schedule a consultation. Thanks to our friends at Velocity IT in Dallas for their input into this article.