National Cybersecurity Alliance and PCI Security Standards Council Issue Joint Bulletin on Ransomware Attack

National Cybersecurity Alliance and PCI Security Standards Council Issue Joint Bulletin on Ransomware Attack

The PCI Security Standards Council (PCI SSC) and the National Cybersecurity Alliance issued a joint bulletin on the increasing threat of ransomware attacks. The full bulletin can be viewed here.

What is the threat?

Ransomware attacks have been front and center in the news over the past year due to high-profile breaches that have impacted businesses across the globe. The high-profile ransomware attacks in 2021 have been part of a larger global increase in ransomware crime. Over the calendar year 2021, it is estimated that ransomware attacks cost the world $20 billion and hit 37% of all businesses and organizations. These cyber threats are real and require immediate action to better protect against these ongoing criminal activities.

How do these attacks work?

A ransomware attack involves cyber actors gaining access to your network, systems and data and then rendering parts of these unusable, and/or stealing some of the data you have stored. The cyber-actor then ‘ransoms’ the data back requiring payment to provide a decryption key to allow for the recovery of the encrypted data and systems or to guarantee sensitive data is not further exposed. In some cases, ransomware actors will publicly release or sell the data that has been stolen if the victim does not pay. Ransomware attacks are often the result of a phishing attack, when a company employee clicks on a malicious link, or the exploitation of known vulnerabilities in outdated software that an organization has not updated using patches they receive from software vendors.

What are some prevention best practices?

When it comes to protecting payment card data, which is often the target of a cyber-attack, adherence to the PCI DSS is considered a best practice. It consists of steps that mirror industry accepted security best practices and at a high level requires you to consider:

How do you keep the criminals out?
How do you slow them down if they get in?
How do you detect them and respond to that detection in the quickest and most appropriate way?
For any ransomware event, it’s important to understand the scope of the data which may have been potentially exposed. Criminals have been in your network and even if data is not included in the ‘ransom’, it may have been copied to be used later. All such data must be considered compromised, and appropriate actions taken.

For dealing with the threat of ransomware attacks related to payment security, the PCI DSS can be helpful in preventing an attack. Some critical best practices include:

Network Segmentation – Identify and secure your organizations most important/valuable data.

Train your employees - Develop a plan that educates your employees on the best ways to avoid these types of attacks

Test your systems - Have you tested your systems lately to see if it’s easy for someone to break in?

Maintain a Secure Network - What does someone have access to once they are ‘in’ your network?

Patch - Your vendors send you “patches” to fix problems in your payment systems or other systems. Use them.

Monitor - Are you monitoring your systems for changes? Have suspicious or unauthorized/unapproved changes been investigated?

Backup your systems - Have you tested the integrity of your backups recently (both physical and virtual backup systems)? Have you tested the backup and recovery process recently? Making sure you can recover data from your backups is crucial in the event your systems are locked by ransomware.

Prepare - You and your employees should know how to recognize and respond to an attack, including what to do and who to contact. This should include formal processes for identifying all sensitive data potentially exposed during the event, so that this can be considered compromised – regardless of any restoration or remediation processes.

The Importance of Software Security - Software Security is also a key component to guarding against ransomware attacks since ransomware attacks often happen because of outdated or inferior software.

Featured

  • ASIS International and SIA Release “Complexities in the Global Security Market: 2024 Through 2026”

    ASIS International and the Security Industry Association (SIA) – the leading security associations for the security industry – have released ”Complexities in the Global Security Market: 2024 Through 2026”, a new research report that provides insights into the equipment, technologies, and employment of the global security industry, including regional market breakouts. SIA and ASIS partnered with global analytics and advisory firm Omdia to complete the research. Read Now

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

  • ASIS Announces ANSI-Approved Cannabis Security Standard

    ASIS International, a leading authority in security standards and guidelines, proudly announces the release of a pioneering American National Standards Institute (ANSI)-approved standard dedicated to cannabis security. This best-in-class standard, meticulously developed by industry experts, sets a new benchmark by providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. Read Now

Featured Cybersecurity

Whitepapers

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3