Ransomware has been a scourge for years. Recently, it has become a national security issue because of the exponential growth of attacks aimed at our critical infrastructure. Ransomware that holds hostage the critical data needed to run our public and private institutions is now affecting our everyday lives—the price and availability of gas (Colonial Pipeline), the cost of meat (JBS), ferry rides to Cape Cod, and even the shutdown of Ireland’s entire health system for a week.
Appropriate concern has been expressed by our elected officials. U.S. Congressional hearings have been held. Some subject matter experts are claiming cryptocurrency is an enabler of ransomware and should be outlawed or tightly regulated. There are suggestions that private institutions should not be allowed to give in to extortionists and should instead refuse to pay a ransom. Still others want to establish mandatory cybersecurity standards for public and private operators of critical infrastructure.
These are important discussions. At the Cyber Readiness Institute (CRI), we believe there is a simple solution that will help reduce the threat of ransomware: educate people to follow the basic cyber hygiene practices that will make us all cyber ready, whether at home or at work, and that will make it more difficult for criminal actors to succeed. It’s the proverbial low-hanging fruit.
At CRI, we’ve published a Ransomware Playbook to help guide organizations of any size through the steps that will help prevent ransomware attacks. Not every attack can be averted, but we’ve come to recognize that a lot of the behaviors individuals and organizations engage in allow bad actors to take advantage of gaps in their cybersecurity. That’s why we focus on the aspects of human behavior that can help create a foundation for a strong culture of cybersecurity. It’s not about technology and it’s not complicated. We’re a non-profit and our material is free. Here, for example, are some tips and tricks we recommend:
Ransomware is all about access; prevention is key:
- Use strong unique passwords or passphrases.
- Promote the use of multifactor authentication.
- Make sure your software and systems are updated and patched.
- Limit administrator accounts on your network.
- Train your staff on phishing prevention, on their laptops, desktops, and mobile devices.
Prepare for the worst:
- Ensure you have off-network back-ups that are kept up to date.
- Test your back-ups regularly to confirm that they are usable and current.
- Create an incident response plan with clear steps on what to do if compromised.
CRI recently published a white paper, “The Urgent Need to Strengthen the Cyber Readiness of Small and Medium-Sized Businesses,” urging the Biden Administration to take specific actions to protect small and medium-sized businesses (SMBs)–vital components of global supply chains–from cyber attacks.
In the white paper, CRI calls for the rollout of a National Cyber Readiness Education Campaign. Awareness is critical for SMBs and all of us. We need an aggressive, accessible, and easy-to-understand nationwide awareness campaign that focuses on a single, impactful cyber issue like strong passwords, which, we know, can help prevent ransomware. We must do whatever we can to stop the growing number of ransomware attacks on our public and private institutions. Let’s begin today with the basics and the low-hanging fruit.
You can find more free materials on our website, https://cyberreadinessinstitute.org/.
Kiersten E. Todt is the Managing Director of the Cyber Readiness Institute (CRI), a non-profit initiative that provides free cybersecurity tools to small and medium-sized businesses, globally. She most recently served as executive director of President Obama’s Commission on Enhancing National Cybersecurity.
Christopher G. Caine is President of the Center for Global Enterprise (CGE), a New York-based non-profit organization dedicated to the study of the contemporary corporation in the era of global economic integration. CGE is a founding member of CRI. He is also President & CEO of Mercator XXI, a professional services firm helping clients engage the global economy.