This DAP highlights – US Secret Service Live Virtual Training Events. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
What We Learned About Ransomware Resilience
In 2023, The Faith-Based Information Sharing and Analysis Organization (FB-ISAO,) along with our information sharing partners, tracked 77 ransomware incidents that have directly or indirectly affected the faith-based and non-profit community. The increase in incidents from the previous year is dramatic.
In response to the staggering increase and enduring threat of ransomware incidents, we hosted a ransomware resilience webinar for Faith-Based and Non-Profit Communities on 06 February 2024. Andy Jabbour, Senior Advisor to FB-ISAO, discussed the threat background, along with preparedness and mitigation best practices.
What did we learn?
Organizations have to work on the assumption that no matter how robust their security, a successful attack could occur. Ransomware groups are becoming more sophisticated and the time from intrusion to deployment of the ransomware is becoming shorter – sometimes, just hours. Following best practices can position you and your team to reduce the threat, minimize the risks, and most effectively respond – essentially building up organizational resilience.
“This is resilience: Doing the work up front to prepare for a disruption, anticipating that it will in fact happen, and exercising not just for response but with a deliberate focus on continuity and recovery, improving the ability to operate in a degraded state and significantly reducing downtime when an incident occurs.”
Cybersecurity and Infrastructure Security Agency Director Jen Easterly, 09 Aug 2023, “The Power of Resilience“
Below are some considerations for building ransomware resilience.
Plan. Have a cyber incident response plan (IRP) and know that an IRP is not the same as a ransomware plan. An incident response plan, however, can encompass a ransomware response plan – kind of like every Oreo is a cookie but not every cookie is an Oreo. Review the plan with leadership, your legal resource, your insurance provider, any other relevant parties, and, of course, with your security team!
Exercise. (No! not the kind you do at the gym!). As with building resilience to all-hazards, hold discussion-based exercises, to include executive workshops & tabletops, and also conduct drills, and consider other operational exercises. The FB-ISAO can help organizations learn more about the benefits of exercising.
Share Information. Information sharing build resilience across a whole community. Assume that if your facility is a victim, then other similar facilities may be targets. After the initial emergency passes, help others within your community. (That goes for all incidents – not just ransomware.)
Enable Multi-factor Authentication (MFA). MFA is a way to verify user identity that is more secure than the classic username-password combination. MFA usually incorporates a password, but it also incorporates one or two additional authentication factors. This is important! Learn more about MFA in this short video from CISA.
Patch!
"Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program." - White House Memo
Ransomware will continue to be a threat, however, building resilience is a way to minimize the impact of such incidents on an organization.