NIST guidelines for ransomware recovery - situational awareness vital

News by Robert Abel

The US NCCoE at the NIST along with vendors and businesses within the cyber-security community teamed up to develop a recovery guide for firms hit with ransomware attacks.

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Science and Technology (NIST) along with vendors and businesses within the cybersecurity community teamed up to develop a recovery guide for firms hit with ransomware attacks.

Researchers said the goal of the guide is to help organisations recover data from cyber-security events, facilitate smooth recovery in the event of a compromise, and manage enterprise risks, according to the "Data Integrity: Recovering from Ransomware and Other Destructive Events" report.

“Organisations must be able to quickly recover from a data integrity attack and trust that any recovered data is accurate, complete, and free of malware,” researchers said in the guide. “Data integrity attacks caused by unauthorised insertion, deletion, or modification of data have compromised corporate information including emails, employee records, financial records, and customer data.”

The guide is broken into three volumes and can be used in various ways depending on the user's role within their organisation, whether they are business decision makers, technology and programme managers, or IT professionals.

The joint organisations used the guide to provide tips on how to restore data to its last known good configuration, how to identify correct backup versions as well as poisoned or altered data, and how to identify who altered said data.

The guide also offers advice on how to take the proper approach to dealing with ransomware attacks, a high-level architecture, implementation examples, a security characteristics analysis and functional evaluations to test data integrity.

Information is also provided on how to prepare for the immediate threat and aftermath of destructive malware, malicious insider threats, and even honest mistakes to better protect data within an organisation.

The report offers a very detailed and useful standard-based guide to developing cyber-attack recovery strategies for any organization, Nozomi Networks chief executive officer (CEO) Edgard Capdevielle told SC Media.

He added that using this report will help any ICS practitioner structure and maintain recovery plans for improved cyber-resilience, as well as establish best-practice models for ongoing cyber-security investment decisions and cross-departmental communication models.

“Minimising damage and recovering from cyber-attacks is heavily dependent on an operation's ability to recognise and analyse process anomalies in real-time,” Nozomi said. “Obtaining a high degree of situational awareness and threat intelligence is key in structuring recovery strategies against a cyber-attack in any ICS environment.”

Nozomi added that the report illustrates how important it is for any ICS to have the technology and resources required to support advanced ICS threat detection capabilities, as well as prescriptive responses to them.
