https://www.helpnetsecurity.com/2024/09/24/cyber-compliance-minimize-risk/
Submission: On September 25 via api from TR — Scanned from DE
Joshua Blackborne, September 24, 2024

HOW CYBER COMPLIANCE HELPS MINIMIZE THE RISK OF RANSOMWARE INFECTIONS

Over the past decade, ransomware has become cemented as one of the top cybersecurity threats. In 2023 alone, the FBI received 2,385 ransomware complaints, resulting in over $34 million in losses. To help businesses combat ransomware and other threats, various regulatory bodies have developed cyber compliance frameworks to standardize security best practices across industries.

While following governmental and industry-focused guidelines does not by itself guarantee a stronger cyber posture, these frameworks do provide useful starting points as models for addressing security gaps of different types. Let's explore in detail how adhering to these regulations helps organizations reduce the risk of ransomware infections.

UNDERSTANDING RANSOMWARE THREATS

Ransomware is malicious software that threat actors deploy to encrypt a victim's critical data, making it inaccessible. To recover the data, the attackers demand that the victim pay a ransom, most often in cryptocurrency. Cybercriminals typically follow a double-extortion tactic, whereby they also threaten to publicly disclose the stolen data if the ransom isn't paid.

A ransomware attack can have severe consequences for the infected organization, well beyond the ransom demanded. These include lost productivity, downtime, and reputational damage, especially if the encrypted data includes sensitive customer information. Sometimes, a successful attack may even force a business into bankruptcy.

With the rise of Ransomware-as-a-Service (RaaS), a cybercrime business model in which ransomware code and tools are sold on the dark web, even individuals with limited technical knowledge can launch sophisticated ransomware attacks. This has led to a significant increase in attack frequency. Ransomware hits businesses of all sizes, and it can be particularly devastating for midmarket firms, which typically have less vigilant cybersecurity practices and limited resources to recover from such attacks.

REDUCING RISK WITH CYBER COMPLIANCE

Achieving cyber compliance means adhering to established regulatory and industry-specific frameworks designed to help organizations implement cybersecurity best practices and prevent security incidents. Popular frameworks and standards include NIST CSF 2.0, ISO 27017 and SOC 2. Each of these standards has specific requirements that focus on different aspects of cybersecurity. For example, SOC 2 emphasizes the security of customer data through access controls and continuous monitoring, which makes it especially relevant for preventing ransomware in service-based organizations.

By following the standards and practices outlined in these frameworks, organizations can establish structured, industry-standard cybersecurity programs capable of minimizing vulnerabilities, adapting to evolving ransomware trends, and responding to security incidents. Additionally, compliance frameworks often call for regular risk assessments and audits to ensure controls remain in place, resulting in a proactive cybersecurity approach that is essential in today's threat landscape. Cyber compliance also demonstrates a commitment to security, which not only helps mitigate risk but also builds trust with customers, partners and regulators.

One of the best things about these frameworks is that they are easily accessible online, so organizations of all sizes can use them to improve their resilience to ransomware without significant financial investment. Submitting evidence and obtaining a badge from a compliance verification organization often costs thousands of dollars per year, but in many cases the list of framework requirements itself is available for free.

RISING TO THE COMPLIANCE CHALLENGE

Because of the vast number of frameworks, controls, and audits involved, achieving compliance can be a steep mountain to climb. Thankfully, modern solutions exist that can significantly streamline the road to compliance.

Cypago, a cyber governance, risk, and compliance (GRC) platform, provides a centralized approach to managing compliance by automating many of the repetitive and time-consuming tasks involved in tracking, reporting, and maintaining adherence to various standards. The platform includes features designed to simplify the entire compliance lifecycle, with tools for selecting frameworks, creating custom frameworks based on risk analyses, collecting evidence from integrated platforms, identifying gaps, executing user access reviews, implementing new controls, generating reports and continuously monitoring compliance efforts. This is especially useful when compliance must be managed across multiple frameworks simultaneously, which is common in highly regulated industries such as finance, healthcare, and government contracting.

KEY COMPLIANCE CONTROLS TO PREVENT RANSOMWARE

While standards and frameworks differ in their specific requirements and focus areas, they generally share a common foundation of best practices for enhancing security and managing risk. The following are some of the most common and important controls found across frameworks, and the ones with the greatest impact on cyber resilience against ransomware.

ENCRYPTION OF SENSITIVE DATA

Most cybersecurity frameworks emphasize the importance of encrypting data at rest and in transit, so that even if attackers successfully penetrate a network, they cannot read the information that is most critical to the victim. Since encrypting all data isn't always practical, organizations should identify their most sensitive data, such as customer data or financial records, and prioritize encryption efforts accordingly.

REGULAR DATA BACKUPS

Maintaining well-maintained and secure data backups is one of the most effective ways to recover from a ransomware attack. While cybercriminals may still release stolen data publicly, they lose all leverage because the business can continue operating without paying a ransom. Backups should be kept separate from the primary network so they cannot be compromised during an attack. For example, a backup might be stored in an isolated cloud environment or offline on a hard drive.

PATCH MANAGEMENT AND SOFTWARE UPDATES

Ransomware attackers often exploit software vulnerabilities and unpatched systems to gain a foothold in an organization's network. These vulnerabilities are typically found in old versions of software that have not received the latest security patches. Regularly updating systems and software to their latest versions is an essential security practice, since updates contain critical fixes for known vulnerabilities. NIST and other leading frameworks include specific stipulations regarding patch safeguards.

SECURITY AWARENESS TRAINING

Verizon's 2024 Data Breach Investigations Report (DBIR) found that 68% of data breaches involve a human element, such as clicking on a malicious link. Employees often unknowingly expose their organization to risk simply by not being aware of common threats, including the social engineering tactics attackers use. Security awareness training is a staple of many compliance frameworks, including PCI DSS and HIPAA, since it helps organizations educate employees on how to recognize, respond to and report suspicious activity.

CONCLUSION

As disruptive cyber threats like ransomware evolve, organizations must adopt a proactive approach to cybersecurity. One of the best ways to do so is by following established security frameworks that provide a structured approach to implementing essential security controls. It is important to treat compliance not as a one-time task but as a proactive and continuous effort. With innovative solutions that streamline compliance efforts, it has never been easier to adopt and maintain strong cybersecurity practices that satisfy legal obligations and prevent security incidents.

Tags: compliance, cybersecurity, Cypago, framework, ransomware

© Copyright 1998-2024 by Help Net Security