National Cybersecurity Alliance and PCI Security Standards Council Release Joint Bulletin on Ransomware Attacks
Washington, DC, February 10, 2022 – Today, the PCI Security Standards Council (PCI SSC) and the National Cybersecurity Alliance released a joint bulletin on the growing threat of ransomware attacks. The full bulletin can be viewed here.
What is the threat?
Ransomware attacks have been in the news over the past year due to high-profile breaches impacting businesses around the world. The high-profile ransomware attacks in 2021 were part of a larger global rise in ransomware-related crime. In calendar year 2021, ransomware attacks are estimated to have cost the world $20 billion and affected 37% of all businesses and organizations. These cyber threats are real and require immediate action to better protect against these ongoing criminal activities.
How do these attacks work?
A ransomware attack involves cyber actors gaining access to your network, systems and data, then rendering parts of it unusable and/or stealing some of the data you have stored. The cyber actor then “ransoms” the data, requiring payment to provide a decryption key that allows recovery of the encrypted data and systems, or to ensure that sensitive data is no longer exposed. In some cases, ransomware actors will publicly post or sell the stolen data if the victim does not pay. Ransomware attacks are often the result of a phishing attack in which a company employee clicks on a malicious link, or of the exploitation of known vulnerabilities in outdated software that an organization has not updated using the patches it receives from software vendors.
What are good prevention practices?
When it comes to protecting payment card data, which is often the target of cyberattacks, compliance with PCI DSS is considered good practice. It consists of steps that reflect industry-accepted security best practices and, at a high level, requires you to consider:
- How do you keep criminals away?
- How do you slow them down if they come in?
- How do you detect them and respond to that detection in the fastest and most appropriate way?
For any ransomware event, it is important to understand the extent of data that may have been potentially exposed. Criminals have penetrated your network and even if the data is not included in the “ransom”, it may have been copied for later use. All of this data should be considered compromised and appropriate action should be taken.
To address the threat of ransomware attacks related to payment security, PCI DSS can be useful in preventing an attack. Some essential best practices include:
- Network segmentation – Identify and secure your organization’s most important/valuable data.
- Train your employees – Develop a plan that educates your employees on the best ways to avoid these types of attacks.
- Test your systems – Have you been testing your systems lately to see if it’s easy for someone to break in?
- Maintain a secure network – What does a person have access to once they are “in” your network?
- Patch – Your vendors send you “patches” to fix problems with your payment systems or other systems. Use them.
- Monitor – Are you monitoring your systems for changes? Have any suspicious or unauthorized/unapproved changes been investigated?
- Back up your systems – Have you recently tested the integrity of your backups (physical and virtual backup systems)? Have you tested the backup and restore process recently? Ensuring you can recover data from your backups is crucial in the event that your systems are locked down by ransomware.
- Prepare – You and your employees need to know how to recognize and respond to an attack, including what to do and who to contact. This should include formal processes to identify any sensitive data potentially exposed during the event so that it can be deemed compromised, independent of any restoration or remediation processes.
- The importance of software security – Software security is also a key part of guarding against ransomware attacks, as ransomware attacks often occur due to outdated or insecure software.
Official quotes from Lance Johnson, Executive Director, PCI Security Standards Council (PCI SSC):
“PCI SSC is hearing from stakeholders around the world about the threat of ransomware attacks. As the industry-leading organization in the payment security world, we are issuing this bulletin to help educate those working in payments and security about this current and growing risk. Organizations must make cybersecurity a top priority as the number of cyberattacks around the world is on the rise.”
“Ransomware attacks take advantage of vulnerabilities that allow attackers to gain illegitimate access to a system. Using good payment security practices and protocols can go a long way to guarding against these attacks. Adhering to the PCI Data Security Standard (PCI DSS) is considered best practice for defending against a wide range of attacks, including ransomware.”
“The surge in ransomware activity has many businesses and governments around the world searching for answers as they strive to stay ahead of organized cybercriminal gangs. These cyber threats are very real and require immediate action to better protect against these ongoing criminal activities.”
Quotes from Lisa Plaggemier, General Manager, National Cybersecurity Alliance:
“All organizations, large and small, public and private, are at risk of ransomware attacks. Ransomware is an ever-growing cyber threat that can devastate an organization, especially small organizations without the resources to fight it. The United States suffered 65,000 ransomware attacks in 2020, and sadly, small businesses and nonprofits bore the brunt of these attacks. Small businesses and non-profits are attractive targets because they typically lack the security infrastructure and resources of larger enterprises. Recent reports estimate that 37% of all businesses and organizations were hit by ransomware in 2021 and 32% of ransomware victims paid a ransom request.”
“As the business world has moved online during the COVID-19 pandemic, ransomware attacks have increased in frequency, sophistication, and ransom payment amounts. The National Cybersecurity Alliance has made this issue a priority and we strive to educate organizations and the public about the seriousness of this threat and how to protect themselves from it. For small business owners, the best and least expensive way to defend against ransomware is to educate employees on how to recognize an attack before it becomes an incident.”
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing flexible and effective industry-focused data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Insight Blog.
About the National Cybersecurity Alliance
The National Cybersecurity Alliance is a non-profit organization whose mission is to create a more secure and interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families and our organizations from cybercrime. We create strong partnerships between governments and businesses to amplify our message and foster a greater “digital” good. Our key efforts include Cybersecurity Awareness Month (October); Data Protection Day (28 January); and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be secure and resilient in the face of cyberattacks. For more information, please visit staysafeonline.org.