Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
206682 VENTUREBEAT 2021-4-30:
Ransomware task force unveils broad manifesto for fighting back
1.000 Find similar Compare side-by-side
206778 VENTUREBEAT 2021-4-29:
It’s now or never: Society must respond to the ransomware crisis
0.791 0.676 Find similar Compare side-by-side
206969 ARSTECHNICA 2021-5-1:
An ambitious plan to tackle ransomware faces long odds
0.827 0.635 Find similar Compare side-by-side
206726 ZDNET 2021-4-30:
Ransomware is now a national security risk. This group thinks it knows how to defeat it
0.689 0.599 Find similar Compare side-by-side
206466 TECHREPUBLIC 2021-4-28:
Ransomware attack hits Washington, D.C. police department
0.019 0.462 Find similar Compare side-by-side
206638 ZDNET 2021-4-27:
Ransomware extortion demands are growing, and so is the downtime caused by attacks
0.450 Find similar Compare side-by-side
206702 VENTUREBEAT 2021-4-29:
Government and industry to combat ransomware with Bitcoin regulation
0.088 0.418 Find similar Compare side-by-side
206565 TECHREPUBLIC 2021-4-27:
Senator discusses priorities for advancing national cybersecurity legislation
0.387 Find similar Compare side-by-side
206520 ARSTECHNICA 2021-4-28:
Ransomware crooks threaten to ID informants if cops don’t pay up
0.004 0.378 Find similar Compare side-by-side
207152 ZDNET 2021-5-3:
XDR defined: Giving meaning to extended detection and response
0.319 Find similar Compare side-by-side
207106 TECHREPUBLIC 2021-5-3:
Forrester unveils a new research portfolio
0.300 Find similar Compare side-by-side
206569 ZDNET 2021-4-27:
UnitingCare Queensland security incident takes some systems offline
0.292 Find similar Compare side-by-side
206714 VENTUREBEAT 2021-4-29:
AI-powered cybersecurity platform Vectra AI raises $130M
0.283 Find similar Compare side-by-side
206842 ZDNET 2021-4-29:
DevOps progress: spotty, siloed and sporadic, but still moving forward
0.277 Find similar Compare side-by-side
206648 ZDNET 2021-4-27:
FBI: Russian hackers are still trying to break into networks, here's how to protect yours from attack
0.277 Find similar Compare side-by-side
206839 ZDNET 2021-4-29:
Accenture acquires French cybersecurity firm Openminded
0.275 Find similar Compare side-by-side
206503 TECHREPUBLIC 2021-4-27:
"Crypto Dictionary: 500 Cryptographic Tidbits for the Curious" is a crash course in ciphers and cryptids
0.272 Find similar Compare side-by-side
207047 VENTUREBEAT 2021-5-2:
A definitive primer on robotic process automation
0.271 Find similar Compare side-by-side
206372 VENTUREBEAT 2021-4-28:
Viso Trust assesses third-party cybersecurity risk with AI, raises $3M
0.267 Find similar Compare side-by-side
206416 TECHREPUBLIC 2021-4-28:
Are you a tech leader or laggard?
0.267 Find similar Compare side-by-side
206487 VENTUREBEAT 2021-4-27:
Red Hat open-sources TrustyAI, an auditing tool for AI decision systems
0.265 Find similar Compare side-by-side
206568 ZDNET 2021-4-27:
Private equity firm Thoma Bravo to spend $12.3 billion on Proofpoint acquisition
0.265 Find similar Compare side-by-side
206753 TECHREPUBLIC 2021-4-29:
Deloitte and Kellogg School: Chief strategy officer role is evolving to drive digital transformation
0.265 Find similar Compare side-by-side
206888 VENTUREBEAT 2021-5-3:
Imperva acquires API security company CloudVector
0.260 Find similar Compare side-by-side
206558 VENTUREBEAT 2021-4-28:
Accenture says IT investments are bearing fruit
0.255 Find similar Compare side-by-side

1

ID: 206682

URL: https://venturebeat.com/2021/04/30/ransomware-task-force-unveils-broad-manifesto-for-fighting-back/

Date: 2021-04-30

Ransomware task force unveils broad manifesto for fighting back

Join Transform 2021 this July 12-16. Register for the AI event of the year. The Ransomware Task Force (RTF) yesterday unveiled its comprehensive guidance for battling ransomware, information securitys preeminent scourge. The 81-page report, titled Combatting Ransomware: A Comprehensive Framework for Action, gives enterprise defenders their first structured standardized guidance for ransomware defenses. The project began in January 2019 and was organized by the Institute for Security and Technology (IST), a Bay Area-based nonpartisan nonprofit group that champions networking and collaborative efforts to address information security challenges. The cost of ransom paid by organizations has nearly doubled in the past year and is creating new risks, many that go far beyond monetary damage, IST CEO  Philip Reiner said in a statement. We felt an urgent need to bring together world-class experts across sectors to create a framework that government and industry can pursue to disrupt the ransomware business model and mitigate the impact of attacks. The RTF, made up of 60 industry experts, spent more than two years engaged in intense collaboration to develop these recommendations. The task force includes an eclectic mix of organizations representing government agencies, technology vendors, financial institutions, and academia. The RTF Framework mirrors the well-known NIST Cybersecurity Framework (CSF) by grouping recommendations into logical target areas. Where NIST describes specific technical actions in its five functions, the RTF authors opted to distribute 48 higher-level recommendations across four goals: deter, disrupt, prepare, and respond. Defenders looking for specific NIST-like technology controls for ransomware mitigation, response, and recovery will have to wait a little longer. On the whole, the RTF Framework addresses high-level policies and processes, including advocating for the creation of more technical guidance, particularly for underfunded and critical industries. Guides and technological tools to mitigate ransomware are currently available, however, many are insufficient, overly simplified, or too complicated, and the general level of noise surrounding this problem is confusing and problematic, the RTF report authors wrote. The single most impactful measure that could be taken to help organizations prepare for and respond to ransomware attacks would be to create one internationally accepted framework that lays out clear, actionable steps to defend against, and recover from, ransomware. Jen Ellis is vice president of community and public affairs at security vendor Rapid7 and a task force committee co-chair. She told VentureBeat the frameworks approach developed, in part, from taking a hard look at what organizations were – and were not – doing to protect themselves. Over recent years, there has been a great deal of investigation into ransomware attacks and trends, and many cybersecurity vendors have provided responses either in the form of technology solutions and services, or guidance and best practices, Ellis said. Yet adoption is slow or possibly ineffective, which suggests that organizations either lack an appetite for these offerings, presumably because they dont understand the ransomware threat or how the solutions can help mitigate it, or because they lack the capability or resources to adopt. The Task Force included end user organizations of all sizes and we sought their perspective on the reality here, Ellis added. What we heard from them was that the amount of noise on this topic is hard to navigate and interpret, and guidance often seems overly-simplified, while technologies on the other hand often seem complicated or too time-consuming to deploy. Where the RTF Framework shines is in challenging the public and private sectors to take bold action to beat ransomware at every stage of its miserable lifecycle. In addition to developing future technology guidance, the frameworks top recommendations include: Kevin Johnson is CEO of Secure Ideas, a security consultancy, incident response, and training firm in Jacksonville, Florida. He said the RTF Frameworks lack of technical specificity aside, the framework addresses a clearly pressing need to find an organized, structured way to tackle the ransomware problem. Over the last few years, it has become abundantly clear that organizations must prepare for a ransomware attack, Johnson told VentureBeat. This preparation includes understanding what resources are actually within your organization and how you will deal with those resources being encrypted. Way too often in our testing , we find that not only are companies not prepared for this type of attack, but they also are surprised when we show them the machines and services they actually run, Johnson said. The RTF makes clear in its report that the framework is not a choose-your-own-adventure exercise designed for piecemeal implementation. Each recommendation interlocks with other actions, and the strength of the total effort depends on coordinated and complete execution. For example, reducing the profitability of ransomware through financial controls thwarts crimes in progress and also acts as a deterrent, discouraging future actors from engaging in similar malefactions. Our hope with the recommendation of a single, unified framework, is to produce consistent guidance that breaks deployment down, making it more relatable and manageable, and thus more actionable, said Rapid7s Ellis. We hope to create a single source of truth that provides some sense of what a path to maturity might look like, while also giving less-resourced organizations a reasonable and impactful starting point.