Following are the four primary steps for such a defense:
Identify: NIST Special Publication (SP) 1800-25, Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events discusses ways to maintain awareness of organizational assets, including how to use technologies for vulnerability detection, management solutions and policy enforcements. This is particularly critical for health-care providers, which have had to deploy additional equipment, users and data quickly to serve more patients during the pandemic — and have added vulnerabilities in doing so.
Protect: Especially in the current environment, keeping equipment operational is critical. Also in NIST SP 1800-25, IT staff will find steps to maintain system and data integrity, including preventing attacks before they can occur. This involves technology such as those found in zero trust networking, including network segmentation, and proper privilege management.
Detect and Respond: Organizations must carefully monitor their infrastructure. This may be particularly challenging for health-care organizations as their day-to-day operations become more chaotic. NIST SP 1800-26, Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events discusses ways to discover attacks and react to them quickly. This guidance shows how file integrity and network monitoring solutions can enable IT staff to recognize attacks as they occur, rather than wait for bad actors to reveal themselves.
Recover: As hard as IT staff may try, adversaries can be difficult to detect. NIST SP 1800-11, Data Integrity: Recovering from Ransomware and Other Destructive Events explains how robust backup and restoration technologies can help an organization weather an attack without having to pay a ransom.
These recommendations and guidance apply broadly. Health-care organizations, firefighters, police, and many other state and local entities can use this information to protect against ransomware attacks. State and local governments, some of which use local managed service providers to maintain their information infrastructures, often lack the cyber security resources typical at the federal government agencies. These free resources should be passed along to any staff or consultants that are providing cyber security services to ensure best practices and preventive measures are in place.