What are short-term and long-term ways to minimize the likelihood of ransomware attacks?

As the frequency and impact of ransomware attacks increase over time, organizations should consider short- and long-term solutions to reduce the risk of ransomware attacks. In addition to complying with local, state, or tribal, and federal reporting requirements and statutes related to cyber incidents, organizations should consider the following non-exhaustive good practices for minimizing the impact of ransomware events.

Short-Term:

• Engage with information sharing organizations like the Multi-State Information Sharing and Analysis Center to support awareness around emerging trends and threat types.
• Engage with local information sharing organizations, such as regional Fusion Centers.[1]
• Regularly check for Cybersecurity & Infrastructure Security Agency (“CISA”) alerts and follow available CISA guidance, such as the Ransomware Guide.[2]
• Create an inventory of cyber assets that identifies relevant security procedures and risks.
• Regularly update and maintain software security procedures.
• Implement email security procedures to limit phishing and spoofing attempts, and pair them with staff training on basic cyber hygiene and good practices.
• Consider the impacts of ransomware events on third-party vendors and work with these entities to identify backups and formalize security procedures.
• Implement multi-factor authentication on applicable platforms.

Long-Term:

• Develop a cyber incident response plan to direct coordination during a ransomware incident or consider developing a ransomware annex to your cyber incident response plan identifying specific considerations for ransomware events.
• Using assessments and evaluations, identify training needs for all staff and technical staff to help mitigate the human-caused errors that lead to ransomware attacks.
• Conduct vulnerability assessments and penetration testing to identify potential access points and necessary hardening measures.
• Using assessments and evaluations, identify software gaps and create stronger defenses against common types of ransomwares.
• Align your organization with the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework and use the Ransomware Risk Management Profile[3] to gain an understanding of your organization’s readiness and capability gaps as it relates to ransomware events.