CISA Shares Guidance on How to Prevent Ransomware Data Breaches


The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes.

CISA’s fact sheet includes best practices for preventing ransomware attacks and protecting sensitive information from exfiltration attempts.

The federal agency issued these recommendations in response to most ransomware gangs using data stolen from their victims’ networks as leverage in ransom negotiations under the threat of publishing the stolen info on dedicated leak sites.

“Ransomware is a serious and increasing threat to all government and private sector organizations, including critical infrastructure organizations,” CISA said.

“All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems.”


How to block ransomware and protect data

CISA encourages organizations to implement recommendations shared in the info sheet published on Wednesday designed to streamline the process of preventing and responding to ransomware-caused data breaches.

Among the advice included to prevent ransomware attacks, CISA says that at-risk orgs should:

  • Maintain offline, encrypted backups of data and regularly test backups
  • Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan
  • Mitigate internet-facing vulnerabilities and misconfigurations to reduce the attack vector
  • Reduce the risk of phishing emails from reaching end users by enabling strong spam filters and implementing user awareness and training programs
  • Practice good cyber hygiene (use up-to-date anti-malware solutions and application allowlisting, enable MFA, and limit the number of privileged accounts)

To block ransomware gangs from gaining access to customer or employee sensitive or personal information, CISA recommends:

  • Implementing physical security best practices
  • Implementing cybersecurity best practices (don’t store sensitive data on Internet-exposed devices, encrypt sensitive info at rest and in transit, use firewalls, use network segmentation)
  • Ensure your cyber incident response and communications plans include response and notification procedures for data breach incidents

Additional info on how to defend against and respond to ransomware attacks is available in the fact sheet and on CISA’s recently launched StopRansomware.gov web portal.

Ongoing effort to fend off the escalating ransomware threat

CISA’s ransomware data breach guidance follows an almost continuous barrage of ransomware attacks targeting the US public and private sectors in recent years.

For instance, the networks of Colonial Pipeline, JBS Foods, and Kaseya customers were hit in a string of ransomware attacks within just two months.

Since December 2019, CISA has issued multiple warnings to private industry partners, starting with info on LockerGoga and MegaCortex targeting worldwide organizations and a ransomware attack against a US natural gas compression facility, part of the critical US infrastructure sector.


Earlier this month, CISA announced the Joint Cyber Defense Collaborative (JCDC) partnership across public and private sectors focused on defending critical infrastructure from ransomware and other cyber threats.

The federal agency also released a new ransomware self-assessment security audit tool in June to help at-risk organizations understand how well they’re equipped to defend against and recover from ransomware attacks targeting their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.
