The Institute for Security and Technology's Ransomware Task Force (RTF) on Thursday released a blueprint to help small and mid-sized enterprises defend against ransomware, aiming to raise baseline hygiene in less mature network environments.
The RTF became a key resource in 2021 as governments started to treat ransomware as a homeland security problem. Its inaugural report, released in late April 2021 and, by coincidence, only days before the Colonial Pipeline attack, offered recommendations on the geopolitical, federal, law enforcement, insurance and enterprise levels, and became a reference document in the crafting of legislation. The RTF brought together a broad multistakeholder membership, from security companies and insurers to heavily targeted sectors, governments and law enforcement, at a time when lawmakers were still trying to understand the needs of the many players in the field.
Many of its suggestions became policy, but the report was also intended to offer solutions that required no policy change at all. One of those was a roadmap for SMBs to prevent, detect and recover from ransomware.
"The sense that we've heard from the community is that [existing frameworks] can be seen as a mismatch between the needs of small enterprises and the entities that serve them like MSPs and MSSPs," said Megan Stifel, chief strategy officer for the Institute for Security and Technology and a co-chair of the RTF.
The blueprint's recommendations cover identity and asset management, testing and architecture, log retention, and establishing internal reporting practices and other recovery plans before an incident occurs.
"Rather than adding to the noise, what we wanted to do was to reiterate the importance of specific controls that through analysis have been shown to be effective in combating over 70% of ransomware attack methods," Stifel added.
The structure of the blueprint borrows from the Center for Internet Security (CIS) Critical Security Controls. CIS contributed to the blueprint, alongside Stifel, the Global Cyber Alliance, SecurityScorecard, the cyber insurer Resilience and ActZero.
The ransomware space has moved quickly since the original RTF report. Stifel is cognizant of recent extortion-only attacks in the style of Lapsus$, which steal data and threaten to leak it without encrypting any files, and the blueprint is not tied to recovering from encrypted files. There has also been considerable movement on international commitments to fight ransomware, as well as several domestic policies put into place.
Stifel said the RTF continues to view ransomware as a problem that can only be solved holistically, requiring action from enterprises, insurers, the cryptocurrency market, and local, national and international governments alike.
"We didn't think that any one of these recommendations was a single bullet, rather it's ten 10% solutions," she said.