Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Protecting Against Ransomware

Home
Industry Insights
Protecting Against Ransomware

Blog Article Published: 10/07/2022

Written by Megan Theimer, Content Program Specialist, CSA.

Thanks to Dr. Jim Angle, Michael Roza, and Vince Campitelli

Ransomware is a form of malware used by an attacker to encrypt a victim’s data and demand a ransom for the encryption key, which allows the victim access to their data. Part 1 of this blog series further explains what ransomware is and the stages of a ransomware attack.

In this blog, we’ll explain how to develop appropriate controls to protect your organization against ransomware. To aid in our explanation, we’ll be referencing two of the functions from the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Identify

According to NIST, the Identify Function of the Cybersecurity Framework aims to “develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.” Identifying assets, the business environment, governance, risk management, and supply chain provides the foundation that an organization’s cybersecurity program is built on.

The first step is to identify and classify all IT systems (including third-party and cloud), all software (operating systems and application), and all data (collected, processed, stored, and transmitted). This entails a complete inventory: people, IT systems (hardware and software), data, and facilities. Identifying and classifying these will aid in knowing what to protect and prioritizing these for a disaster recovery plan.

The organization should ensure that all policies, procedures, and processes are documented, readily available, and communicated. Failure to identify where all the data is located can result in missing data during the recovery and reinfection of systems.

Protect

The Protect Function entails developing and implementing appropriate controls to ensure the delivery of services. This function provides the ability to limit or contain the impact of cybersecurity events, including ransomware. Prevention is the best defense against ransomware, and it is essential to implement controls for protection.

To protect an organization’s cloud from ransomware, start with protecting the computer. There are some basic things you can do to protect computer systems:

  • Install endpoint protection.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users. Strong spam filters should be enabled.
  • Employ logical or physical means of network segmentation and isolation to separate various departmental IT resources within the organization.
  • Windows systems can use a Group Policy that allows the organization to define how users can use the system. It can block the execution of files from local folders, including temporary folders and the download folder. This stops attacks that begin by placing malware in a local folder that then opens and infects the computer system.
  • Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should use them only when necessary. Additionally, Multi-Factor Authentication (MFA) should be required for all remote access.
  • Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.
  • Consider versioning. Versioning means that the data is immutable, and any modification results in a new version. This makes versioning effective against ransomware because encryption attacks result in a new version. Not all providers offer versioning, so availability must be verified with the provider.

To defend against ransomware threats, a combination of data encryption with the use of homomorphic encryption to enable ongoing data management while encrypted and stored in the cloud, and cloud immutable/WORM storage, is the only sure way to address the new risks from ransomware.

Homomorphic encryption is different from standard encryption technology in that it allows computation to be performed directly on encrypted data without requiring access to a decryption key. Homomorphic encryption of backups and files before their move to a cloud repository guarantees data security in transit, at rest, and while in use. Homomorphic encryption enables ongoing management of encrypted data, dramatically reducing the issues associated with standard encryption methodologies while ensuring continuous data indexing, search, and overall management and governance processes.

To explore these concepts in more depth, check out the publication Ransomware in the Healthcare Cloud by CSA’s Health Information Management Working Group. Written specifically with healthcare delivery organizations in mind, this publication covers information that is also applicable to anyone interested in ransomware.

Enhancing cloud security strategyRansomwareTransitioning to the cloud

Share this content on your favorite social network today!

Latest from CSA
AI Summit at RSAC 2024
The State of AI and Security Survey Report
Data Resiliency Survey 2024
Trending This Week
#1 What is the Cloud Controls Matrix (CCM)?
#2 Zero Trust and AI: Better Together
#3 Test Accounts: Another Compliance Risk
#4 AI Safety vs. AI Security: Navigating the Commonality and Differences
#5 Is PQC Broken Already? Implications of the Successful Break of a NIST Finalist
Enhance your cloud security skills with CSA's online training options.
Related Articles:
10 Tips to Guide Your Cloud Email Security Strategy

Published: 04/17/2024

The Widening Overlap Between Cloud Workloads and Cybersecurity

Published: 04/17/2024

How to Audit Your Outdated Security Processes

Published: 04/16/2024

Sealing Pandora's Box - The Urgent Need for Responsible AI Governance

Published: 04/12/2024