Digital security and protection against ransomware are key concerns for NIST.

The New NIST Draft for Cybersecurity & Risk Management

In a draft released in June 2021, NIST updated its standards based on the latest security risks and trends to help experts better manage and mitigate risks. The goal is to provide guidelines for a basic security profile with respect to the current risk environment.

The new draft is NISTIR 8374, titled “Cybersecurity Framework Profile for Ransomware Risk Management”. The revision was finalized on October 8, 2021, and is friendly towards residential, commercial, and industrial sectors alike.

Let’s take a look at the information within the document and what it entails.

How Security Services May Improve With the New NISTIR 8374 Draft

The draft creates a “Ransomware Profile” and maps different approaches to help departments achieve security objectives against recent threats. Key areas covered include:

  1. Measuring security capabilities
  2. Implementing preventative measures and security services
  3. Responding to the latest threats
  4. Recovering from ransomware events

The framework deals primarily with ransomware threats, but it can also be applied to other threats and used to improve cybersecurity in general.

Preventative Steps in NISTIR 8374

Key considerations offered in the new draft are:

  • Antivirus software must always be enabled
  • Antivirus software must be set to automatic scans, specifically for emails and flash drives
  • Computers and other equipment must be fully patched with the currently available patches
  • Internal networks should be segmented to prevent malware from spreading from a single infected system to the rest of the network
  • Implement continuous monitoring for directory services
  • Recognize potentially malicious web resources and prevent access to them
  • Only authorized apps should be allowed. Shadow IT should be avoided.
  • Establish a process to review and manage authorized/unauthorized applications
  • User accounts should be tiered with different privileges to limit access to information
  • BYOD (bring your own device) should be limited
  • If remote work is necessary, organizations should endeavor to provide separate computers so that social interaction and personal applications are limited while employees work on the company server.

NISTIR 8374 also offers an overview of the steps that organizations can take to recover from an attack. These include:

  • Always have an incident recovery plan
    • Define roles and strategies
    • Define who will make the decisions
    • Explain operations continuity
    • Identify business-critical services/operations
  • Create data backups
  • Test restoration
  • Manage contacts

NIST CSF Functions Explained in The Framework

The draft also mentions the five NIST CSF functions for security services to help improve infrastructural integrity. These include:

  1. Identify threats before they become damaging
  2. Protect data by implementing appropriate safeguards
  3. Detect threats as soon as they arise
  4. Respond to threats as soon as they are detected
  5. Recover and maintain plans for future resilience

Based on how rapidly our cybersecurity environment is changing, NIST is also considering updating other relevant sections of its standards. If you would like to learn how you can implement them in your infrastructure or are having difficulty finding/understanding them, we urge you to give us a call. Americom’s Security Services are always here to help!