[BreachExchange] Takeaways from NYDFS ransomware guidance

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Jul 6 15:49:57 EDT 2021


https://www.complianceweek.com/cyber-security/takeaways-from-nydfs-ransomware-guidance/30539.article

Following an examination of ransomware instances reported by regulated
entities over the past 18 months, the NYDFS observed these incidents all
followed a similar pattern: “Hackers enter a victim’s network, obtain
administrator privileges once inside, and then use those elevated
privileges to deploy ransomware, avoid security controls, steal data, and
disable backups.”

Based on its findings, the NYDFS identified specific cyber-security
measures it said all regulated entities should implement wherever possible.
Those key measures are summarized below:

   - Conduct recurrent anti-phishing training, “including how to spot,
   avoid, and report phishing attempts. Companies should also conduct periodic
   phishing exercises and test whether employees will click on attachments and
   embedded links in fake emails and remedial training for employees, as
   necessary.”
   - Implement a vulnerability/patch management program to identify,
   assess, track, and remediate vulnerabilities on all enterprise assets
   within the infrastructure, including periodic penetration testing.
   - Employ privileged access management to safeguard credentials for
   privileged accounts.
   - Use multi-factor authentication and strong passwords—at least 16
   characters—for all logins to privileged accounts, whether remote or
   internal.
   - Monitor systems for intruders and respond to alerts of suspicious
   activity.
   - Maintain backups that are segregated from the network and kept
   offline, so that they remain available for recovery in the event of a
   ransomware attack. Periodically test the backups by restoring critical
   systems from them.
   - Have in place an incident response plan that explicitly addresses
   ransomware attacks. Make senior leadership part of the testing of that plan
   prior to any ransomware incident occurring.

“These controls, when implemented together, significantly reduce the risk
of a successful ransomware attack,” stated the NYDFS.

The regulator, in its guidance, cited data shared by Secretary of Homeland
Security Alejandro Mayorkas during a virtual event in May, according to which
the reported rate of ransomware attacks increased 300 percent in 2020.