National Cybersecurity Alliance and PCI Security Standards Council Issue Joint Bulletin on Ransomware Attack

National Cybersecurity Alliance and PCI Security Standards Council Issue Joint Bulletin on Ransomware Attack

The PCI Security Standards Council (PCI SSC) and the National Cybersecurity Alliance issued a joint bulletin on the increasing threat of ransomware attacks. The full bulletin can be viewed here.

What is the threat?

Ransomware attacks have been front and center in the news over the past year due to high-profile breaches that have impacted businesses across the globe. The high-profile ransomware attacks in 2021 have been part of a larger global increase in ransomware crime. Over the calendar year 2021, it is estimated that ransomware attacks cost the world $20 billion and hit 37% of all businesses and organizations. These cyber threats are real and require immediate action to better protect against these ongoing criminal activities.

How do these attacks work?

A ransomware attack involves cyber actors gaining access to your network, systems and data and then rendering parts of these unusable, and/or stealing some of the data you have stored. The cyber-actor then ‘ransoms’ the data back requiring payment to provide a decryption key to allow for the recovery of the encrypted data and systems or to guarantee sensitive data is not further exposed. In some cases, ransomware actors will publicly release or sell the data that has been stolen if the victim does not pay. Ransomware attacks are often the result of a phishing attack, when a company employee clicks on a malicious link, or the exploitation of known vulnerabilities in outdated software that an organization has not updated using patches they receive from software vendors.

What are some prevention best practices?

When it comes to protecting payment card data, which is often the target of a cyber-attack, adherence to the PCI DSS is considered a best practice. It consists of steps that mirror industry accepted security best practices and at a high level requires you to consider:

How do you keep the criminals out?
How do you slow them down if they get in?
How do you detect them and respond to that detection in the quickest and most appropriate way?
For any ransomware event, it’s important to understand the scope of the data which may have been potentially exposed. Criminals have been in your network and even if data is not included in the ‘ransom’, it may have been copied to be used later. All such data must be considered compromised, and appropriate actions taken.

For dealing with the threat of ransomware attacks related to payment security, the PCI DSS can be helpful in preventing an attack. Some critical best practices include:

Network Segmentation – Identify and secure your organizations most important/valuable data.

Train your employees - Develop a plan that educates your employees on the best ways to avoid these types of attacks

Test your systems - Have you tested your systems lately to see if it’s easy for someone to break in?

Maintain a Secure Network - What does someone have access to once they are ‘in’ your network?

Patch - Your vendors send you “patches” to fix problems in your payment systems or other systems. Use them.

Monitor - Are you monitoring your systems for changes? Have suspicious or unauthorized/unapproved changes been investigated?

Backup your systems - Have you tested the integrity of your backups recently (both physical and virtual backup systems)? Have you tested the backup and recovery process recently? Making sure you can recover data from your backups is crucial in the event your systems are locked by ransomware.

Prepare - You and your employees should know how to recognize and respond to an attack, including what to do and who to contact. This should include formal processes for identifying all sensitive data potentially exposed during the event, so that this can be considered compromised – regardless of any restoration or remediation processes.

The Importance of Software Security - Software Security is also a key component to guarding against ransomware attacks since ransomware attacks often happen because of outdated or inferior software.

Featured

  • Until We Meet Again

    A short three years ago we were all pondering whether to attend any tradeshows all thanks to COVID-19. Sorry to bring that nightmare up again, but it seems that little pandemic is in the rear-view mirror, and it’s time to meet again. Read Now

    • ISC West
  • Cyber Hygiene: What it Looks Like for IoT Devices

    Cyber Hygiene: What it Looks Like for IoT Devices

    For our second pillar about the Industrial Internet of Things (IIoT) Pillars of Security, we are going to discuss what cyber hygiene looks like for IoT devices. Read Now

  • ISC West Announces 2023 Keynote Series Speaker Lineup

    The International Security Conference (ISC), in collaboration with premier sponsor Security Industry Association (SIA), announced five of this year’s ISC West Keynote Series speakers. ISC West will kick off its annual conference on March 28 (SIA Education@ISC: March 28-30 | Exhibit Hall: March 29-31) at the Venetian Expo in Las Vegas, Nevada. Read Now

    • ISC West
  • Accelerating Security Modernization

    In recent years, the term “digital transformation” has been one of the most frequently used buzzwords across industries. On its most basic level, it refers to the reimagining of how an organization leverages its technology systems to improve business processes. Read Now

Featured Cybersecurity

New Products

  • Camden Door Controls CV-603 2 Door Bluetooth Access Control System

    Camden Door Controls CV-603 2 Door Bluetooth Access Control System

    his app-based system is designed to provide ‘best in class’ security of doors and gates, with up to 2,000 users. The intuitive programming app is Apple® and Android® compatible, with easy to use system set-up, user administration, downloadable audit trail and data back-up. 3

  • ABLOY IP54-rated Integrated Dust Cover

    ABLOY IP54-rated Integrated Dust Cover

    One of the things that keep security managers on high alert is the real possibility the security locks used to safeguard their properties may unexpectedly fail due to environmental conditions. 3

  • Genetec Security Center

    Genetec Security Center

    This major new release allows more system components to run in the cloud, reducing the gap between cloud and on-premises security systems. It also makes it easier to connect external systems and tap external data for use in dashboards, maps and investigations without relying on complex, specialized integrations. 3