More sharing, less shame: CompTIA ISAO wants to change the standard response to ransomware attacks


The information sharing organization helps companies deal with security threats and supports more collaboration overall.


Ransomware attacks are not going to stop any time soon and bad actors refine their attack techniques with every new breach. In addition to following best practices for securing networks and data, industry leaders and businesses of all sizes should prioritize information sharing.

MJ Shoer, senior vice president and executive director of the CompTIA ISAO, said the Kaseya attack was inevitable but it could have been considerably worse. A 2021 CompTIA survey found that 62% of MSPs were very concerned and 30% somewhat concerned about being targeted with cyberattacks.

"This attack underscores the point that we need to come together if we're going to gain the upper hand," he said.

Shoer said the tech industry needs to follow the information sharing example set by bad actors.

"Hackers do a phenomenal job sharing information: they tell each other what works, what doesn't," he said. "They're great at it, we need to be better than great."

Shoer said he wants the industry to erase the stigma associated with cyberattacks.

"That natural reaction to shame companies who get breached isn't helping," he said. "If we get enough organizations sharing what they're seeing, it gives all of us a chance to get the bad guys to back off."

John Collins, a senior analyst at Gartner for SecOps, SIEM, security services, threat intel and incident response, said that he has not seen empirical evidence suggesting increased threat intelligence sharing between security vendors, end user organizations and government. He has noticed more interest in threat intelligence sources and platforms.

"I have observed an increase from historically less security mature organizations who are looking for purpose-built tools for aggregating, curating, managing and operationalizing threat intelligence," he said. "Even TIP vendors are marketing their integration with MISP to allow for a wider range of sharing capability."


The CompTIA ISAO works with public and private cybersecurity agencies and organizations to help its members raise the cybersecurity awareness of the global tech industry. The community of about 1,176 member companies shares best practices, cyber threat intelligence and educational content. In addition to cybersecurity intelligence data, CompTIA ISAO members have full access to all other CompTIA corporate member benefits.

"We all hope that it will prevent an attack but more often than not it helps address an attack or vulnerability or recover and remediate at issue," Shoer said.

Collins said that issues related to the consumption and management of TI are more important than broad information sharing.

"I believe the industry needs to have some introspection on the quality of intelligence vs sharing information for the sake of having a feed and claiming #tisharing," he said. "I have regular conversations with security leaders asking for better ways to consume and manage the intel they are getting because they are overwhelmed with data, have lots of false positives and are managing the indicators in a spreadsheet."

Collins said that companies and governments should look for ways to declassify or anonymize information to share important threats without putting national security at risk or revealing sensitive data.

"For example, no one outside of your organization needs or cares about an internal user name or device name that is part of a file path, and you don't want to break any privacy laws by exposing it," he said. "The vast majority of attacks are commodity in nature and a very small percent are associated with sophisticated attacks carried out by a group targeting an organization."

Shoer said that he knows of only one CompTIA ISAO member that was hit by the attack, though a few members shut down their systems, as Kaseya recommended.

In addition to monitoring the threat landscape to inform members of potential problems, the ISAO also documents attacks so that members can learn from them.

As helpful as information sharing can be, exposing indicators or TTPs of an active attack can create more problems for other organizations dealing with the same adversary. Collins said it's a classic catch-22 situation.

"I know SecOps operators who were burned by security companies releasing indicators to the public and the adversary in their environment turned into a ghost," he said. "To get more out of the adversary you sometimes need to let them 'live' in an environment for a bit longer, yet they may be exfiltrating information from another company and their defenders or provider needs the intel to identify it and stop it."

This is where tools like MISP and threat intelligence platforms can present a method for sharing intel and often use a system similar to traffic light protocol, Collins said. This approach allows companies to choose what to share and who to share it with.
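The anonymization Collins describes (dropping internal user and device names from file paths) combined with a traffic-light style restriction on who receives what, as an added example that is not part of the original article. The indicator records, the simplified four-level TLP ordering and the function names are assumptions made for illustration, not MISP's data model.

```python
import re

# Constructed sample indicators; user, host and file names are invented.
SAMPLE = [
    {"type": "filename", "tlp": "green",
     "value": r"C:\Users\jsmith\AppData\Local\Temp\agent.exe"},
    {"type": "filename", "tlp": "amber",
     "value": r"\\FIN-LAPTOP-07\C$\Users\mlee\Desktop\readme.txt"},
    {"type": "filename", "tlp": "green",
     "value": "/home/alice/.cache/update.sh"},
    {"type": "filename", "tlp": "red",
     "value": r"C:\Windows\Temp\loader.dll"},
]

# Simplified TLP labels, ordered from least to most restricted (assumption).
TLP_ORDER = ["clear", "green", "amber", "red"]

_RULES = [
    # UNC host name: \\HOST\share -> \\<host>\share
    (re.compile(r"^\\\\[^\\]+"), r"\\\\<host>"),
    # Windows profile directory: \Users\name -> \Users\<user>
    (re.compile(r"(?i)(\\(?:Users|Documents and Settings)\\)[^\\]+"),
     r"\1<user>"),
    # Unix or macOS home directory: /home/name or /Users/name
    (re.compile(r"(/(?:home|Users)/)[^/]+"), r"\1<user>"),
]

def scrub_path(path):
    """Replace internal user and host names in a file path with placeholders."""
    for pattern, repl in _RULES:
        path = pattern.sub(repl, path)
    return path

def prepare_for_sharing(indicators, audience_tlp):
    """Return scrubbed copies of the indicators this audience may receive."""
    limit = TLP_ORDER.index(audience_tlp)
    shared = []
    for ind in indicators:
        if TLP_ORDER.index(ind["tlp"]) > limit:
            continue  # more restricted than this audience is cleared for
        shared.append({**ind, "value": scrub_path(ind["value"])})
    return shared

if __name__ == "__main__":
    for ind in prepare_for_sharing(SAMPLE, "green"):
        print(ind["tlp"], ind["value"])
```

The part of the path that identifies the artifact (directory layout and file name) survives, so the indicator stays usable by the recipient while the internal names do not leave the organization.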

Plan, practice and prepare

Shoer said he sees a need for more table-top exercises so that companies can see potential weak spots and formulate a response plan.

"Part of the challenge is taking the time to have these plans in place and then testing them regularly," he said.

This planning should include a priority list for restoring services after an attack has been resolved.

"Companies should think about how to prioritize restoration, by company size, industry, or public impact?" he said. "Companies should be playing these scenarios out and validating plans and looking for the gaps."

Shoer also said he sees more interest in keeping certain types of information in an air-gapped storage format to avoid the risk of a ransomware attack taking down backups along with live systems.

"Having those backups away from targeted networks is really important, including things that people may not be thinking of, such as bank statements and cyber liability insurance policies," he said. "Bad actors get into a network, sniff out this stuff and then set the ransomware amount based on your bank balance."

CompTIA's Cybersecurity Advisory Council provides educational materials and tools to help small business owners understand the risk of ransomware.

CompTIA launched the ISAO in August 2020 to "serve as the focal point for dealing with cyber-threats to technology vendors, MSPs, solution providers, integrators, distributors and business technology consultants." The organization's origins are in an ISAO started by tech entrepreneur Arnie Bellini in August 2019 as part of ConnectWise, the business automation software company he co-founded. Bellini transferred management and operations of the organization to CompTIA in early 2020.
