
Author: ISACA
Date Published: 24 May 2021


Schaumburg, IL, USA—In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks will become more prevalent in the second half of 2021.

This month's attack on Colonial Pipeline, which caused serious disruption to gasoline distribution in parts of the United States, has once again made preventing ransomware attacks a top topic for cybersecurity worldwide.

Colonial reportedly authorized a ransom payment of US $4.4 million.

In the ISACA survey, four in five respondents say they do not think their organization would pay the ransom if it were hit by a ransomware attack. Only 22 percent say critical infrastructure organizations should pay the ransom if attacked.

“In a vacuum, the guidance not to pay makes total sense. We don’t want to negotiate with criminals,” said Dustin Brewer, senior director of emerging technology and innovation at ISACA. “But when you need to get your business back online, a cost/benefit analysis is going to come into play, and a company is going to do what it needs to do to have continuity. Good cyber-hygiene has to be a focus to avoid getting to this point.”

Among the survey’s other findings:

  • 85 percent of respondents say they believe their organization is at least somewhat prepared for a ransomware attack, but just 32 percent say their organization is highly prepared.
  • Four in five respondents say their organization is more prepared for a ransomware incident now than it was four years ago, when the WannaCry, Petya and NotPetya attacks inflicted major damage. Two-thirds of respondents expect their organization to take new preventive measures following the Colonial Pipeline incident.
  • Nearly half of respondents (46 percent) consider ransomware the cyberthreat most likely to affect their organization in the next 12 months.
  • Despite the clear risks from ransomware attacks, 38 percent of respondents say their company has not provided employees with any ransomware training.

“The fact that more than 80 percent of organizations are now more prepared for a ransomware incident than they were for the 2017 attacks, and that many will take new preventive measures after Colonial Pipeline, is good news,” said Brewer. “Open reporting of cyberattacks appears to be working, and in this transparency, we can expect newer threats to be mitigated earlier with quicker response times.”

ISACA recommends 10 steps companies can take to be better prepared for, and help prevent, ransomware attacks:

  1. Understand risk profiles - Organizations should assess their risk so they can accurately prepare for potential attacks. To do this, cybersecurity teams must take inventory of responsibilities, products and services, and the technical requirements affiliated with each. By defining these risk areas, cyber teams can better assess which areas need the most attention when allocating cybersecurity resources.
  2. Realize data responsibilities - Every member of the cybersecurity team should be aware of the types of data they are responsible for storing, transmitting and protecting.
  3. Test for incoming phishing attacks - Most attacks begin with phishing campaigns, and they continue to be effective. Test your filters by sending yourself, from an external test email account, de-weaponized phishing emails that others have already identified. How often do they make it through? Test it. It is possible that email filters need to be strengthened.
  4. Assess all cybersecurity roles on a regular, event-controlled basis - Regularly assess and audit cybersecurity controls to ensure they are properly applied and maintained. A truly mature organization will test these controls both on a time-based schedule and in response to events.
  5. Evaluate patches on a timely basis - Ensure patches are applied in an organized and systematic way. For vulnerable legacy systems that cannot be patched or updated, isolate them within the network and ensure those systems cannot access the Internet.
  6. Perform regular policy reviews - Ensure that all relevant cybersecurity policies not only exist, but are also regularly evaluated and updated in line with the changing cybersecurity landscape. Specifically, update these policies on a time-based schedule and on an event-driven basis.
  7. Leverage threat intelligence appropriately - Reading and disseminating threat intelligence across the entire cybersecurity team can be overwhelming. Hacks and cyberattacks occur on a 24/7 basis, and in many cases different variants of similar attacks emerge overnight. Understanding which types of intelligence apply to your organization, and analyzing them correctly, can increase understanding of the threats that may pose the greatest danger.
  8. Protect end-user devices - We often forget to ensure 100 percent protection of end-user devices, not only devices within the network, but all devices used by remote users to access systems. Exclusion lists should be minimal.
  9. Communicate clearly with executive leadership and employees - To gain executive support, ensure that reporting and communication to leadership are clear and accurate. Once leadership understands the threat, the risk and its potential impacts, cybersecurity teams are more likely to get the funding and support they need to protect the organization.
  10. Comprehend organizational cybermaturity - All of the points listed here are part of understanding an organization's cybermaturity, or the maturity of its defensive preparedness against potential cyberattacks and exploits. Tools like the CMMI Cybermaturity Platform can help organizations understand and improve their cybermaturity.

For more information, see the analysis of the survey findings and today's ransomware landscape by cybersecurity expert and ISACA Emerging Trends Working Group member Chris Cooper here.


