Act Now: Release of New Ransomware Threat Guidelines


There is a historical pattern of cyber attacks against Ukraine having unintended international consequences. Sanctions and digital countermeasures could put the US, its allies and other NATO nations at high risk, as a retaliatory response is likely and of unpredictable scale. Australian organisations could be affected through unintended disruption or uncontained malicious cyber activity. Typically, high-value targets in state-sponsored digital warfare include governments, militaries, energy, finance and critical infrastructure. Even so, the Australian Cyber Security Centre (ACSC) recommends that all Australian organisations, regardless of size or industry, urgently adopt an enhanced cyber security posture in response to the threat of malware, particularly ransomware.

In this context, NIST has published two guides to help organisations manage and respond to ransomware threats. Much like the Third Party Risk enhancements NIST introduced in late 2021, these new guidelines are a direct response to the global state of cyber risk and how organisations should better prepare.

The two documents are:

  • The Ransomware Risk Management: A Cybersecurity Framework Profile (NISTIR 8374): this incorporates feedback from earlier drafts and is based on the broader NIST Cybersecurity Framework Version 1.1. NIST says that it can be used as a guide to manage the risk of ransomware events – which includes helping to gauge an organisation’s level of readiness to counter ransomware threats and to deal with the potential consequences of events if they occur.
  • Getting Started with Cybersecurity Risk Management: Ransomware: a guide that is designed to enable organisations to make a quick start on managing ransomware risks by encouraging enhanced communication and taking risk-based action in response to the new threat landscape.

By introducing these guidelines, NIST is addressing the current environment while also encouraging adoption of the entire Cyber Security Framework. By adapting the framework to what many organisations consider the greatest cyber threat, ransomware, its relevance becomes clearer, especially for organisations whose documentation is loosely adapted or incomplete. The NIST Cyber Security Framework and all of its sub-guides are built on five core functions: Identify, Protect, Detect, Respond and Recover.

The time is now. Whether your framework is incomplete or a perfect example of compliance, review and improvement never end and are key to the combined fight against cyber threats. We must act. Our cyber gaps pose a threat not only to us but also to our vendors, stakeholders, clients and many others. Indirect exposure is widespread in Australian infrastructure: an IBM-Ponemon study found that more than half of all organisations have experienced a data breach caused by a third party.

6 steps you need to take right now to combat ransomware

Here is our list of 6 steps you can take to help improve the maturity of your cyber security:

  1. Strengthen COMMUNICATION with staff to ensure a shared understanding of the evolving threat. Human error remains the greatest weakness.
  2. Enhance your DETECTION tools to predict and alert your security team before an impact occurs.
  3. Review and exercise your RESPONSE documentation to ensure readiness throughout the organisation.
  4. Adopt a strict ZERO TRUST policy across all platforms so that access to sensitive information is limited to what each role requires, and review existing privileged access regularly.
  5. Ensure all devices, whether company-owned or BYOD, are PATCHED and kept up to date as often as possible (e.g. enable auto-update on end-user devices).
  6. Broaden your organisation’s overall CYBER HYGIENE so that existing and new processes are designed with cyber security at the foundation (e.g. multi-factor authentication, centralised password rules, anti-malware on all devices including BYOD).
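Step 2 asks for detection that alerts the security team before impact. As an added illustration (not from the article, NIST, the ACSC or InConsult), here is a minimal behavioural detector in Python that runs over constructed file-activity events: it flags a process that changes the extension of many files to the same new extension within a short window, a pattern typical of encryption in progress. Host names, process names, paths and timestamps are made up; the event format, window and threshold are assumptions for the example.

```python
"""Mass-rename heuristic over constructed file-activity events.

Added example; not from the original article, NIST, the ACSC or InConsult.
A process that changes the extension of many files to the same new extension
within a short window is a common behavioural signal of ransomware encryption.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from os.path import splitext

WINDOW = timedelta(seconds=60)   # assumed observation window
THRESHOLD = 5                    # assumed number of renames needed to alert

# Constructed sample telemetry (not real data). Fields are
# <ISO timestamp> <host> <process> <old path> <new path>; paths contain no spaces.
SAMPLE_EVENTS = """\
2022-03-01T09:00:01 ws-017 libreoffice /home/a/report.odt /home/a/report.odt
2022-03-01T09:00:05 ws-017 nautilus /home/a/old.txt /home/a/notes.txt
2022-03-01T09:00:09 ws-017 nautilus /home/a/config.yml /home/a/config.yml.bak
2022-03-01T09:00:12 ws-017 nautilus /home/a/hosts /home/a/hosts.bak
2022-03-01T09:02:00 ws-042 svc_upd /home/b/doc1.docx /home/b/doc1.docx.lockd
2022-03-01T09:02:03 ws-042 svc_upd /home/b/doc2.docx /home/b/doc2.docx.lockd
2022-03-01T09:02:07 ws-042 svc_upd /home/b/photo.jpg /home/b/photo.jpg.lockd
2022-03-01T09:02:11 ws-042 svc_upd /home/b/budget.xlsx /home/b/budget.xlsx.lockd
2022-03-01T09:02:15 ws-042 svc_upd /home/b/notes.txt /home/b/notes.txt.lockd
2022-03-01T09:02:20 ws-042 svc_upd /home/b/thesis.pdf /home/b/thesis.pdf.lockd
2022-03-01T09:30:00 ws-042 svc_upd /home/b/late.doc /home/b/late.doc.lockd
"""


def parse_events(text):
    """Parse one event per line into (timestamp, host, process, old_path, new_path)."""
    events = []
    for line in text.strip().splitlines():
        ts, host, proc, old, new = line.split()
        events.append((datetime.fromisoformat(ts), host, proc, old, new))
    return events


def extension(path):
    """Lower-cased final extension of a path ('' if it has none)."""
    return splitext(path)[1].lower()


def find_mass_renames(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (host, process, new extension) whose peak number of
    extension-changing renames inside any `window` reaches `threshold`."""
    buckets = defaultdict(list)
    for ts, host, proc, old, new in events:
        old_ext, new_ext = extension(old), extension(new)
        if new_ext and new_ext != old_ext:          # the extension actually changed
            buckets[(host, proc, new_ext)].append(ts)

    alerts = []
    for (host, proc, new_ext), stamps in buckets.items():
        stamps.sort()
        best = (0, None, None)                      # (count, first, last) of densest window
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:       # slide the window forward
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, stamps[start], ts)
        if best[0] >= threshold:
            alerts.append({"host": host, "process": proc, "extension": new_ext,
                           "count": best[0], "first": best[1], "last": best[2]})
    return alerts


if __name__ == "__main__":
    for a in find_mass_renames(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {a['host']} {a['process']}: {a['count']} files renamed to "
              f"{a['extension']} between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

In the sample, the two `.bak` renames by a file manager stay below the threshold while the burst of `.lockd` renames on ws-042 produces a single alert. In production the window and threshold need tuning per environment, and backup agents or archivers that legitimately rename files in bulk should be allow-listed by process so the alert stays actionable.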

Equally important, InConsult encourages all organisations to regularly monitor Australian Cyber Security Centre advisories, threats and alerts. Contact us if you would like to know more about any notices released and how they may affect your organisation.

And finally, remember that whatever steps you take, ensuring Cyber Risk is prioritised and regularly discussed is already the first step to enhancing your cyber posture! Check out InConsult’s Cyber Risk Management capabilities to find out how we can help you build a more resilient organisation.

InConsult is an official partner of the Australian Cyber Security Centre

We are proud to be an official partner of the Australian Cyber Security Centre (ACSC), a part of the Joint Cyber Security Centre that is collectively enhancing communication between security agencies worldwide. As an official partner, we are privileged to receive priority notifications and direct support from the ACSC to address any matters or concerns relating to threats to the Australian business landscape.
