February 4th, 2021
Ransomware - There's a Tool for That - WST
In a previous WST, you may have noticed a bulleted item for a Ransomware Self-Assessment Tool (R-SAT). Or you may not have. Regardless, it's something you'll likely be hearing more about, so this week we're going to take a closer look at it.
There can be no denying that ransomware has had a significant and increasing impact on organizations of all sizes across multiple industries. With a reported average of 16 days of downtime and an average payment of $84,000 last year, ransomware was the second most common malware incident type and the third most common breach type according to the 2020 Verizon Data Breach Investigations Report. Financial institutions are among the most targeted for ransomware, but no industry is immune. In October of 2020, the R-SAT was designed by the Bankers Electronic Crimes Task Force, State Bank Regulators, and the U.S. Secret Service to give financial institutions another tool in their arsenal to identify gaps in their information security postures that could leave them susceptible to ransomware attacks.
Quick show of virtual hands - who has heard of the R-SAT? There are already calls from a couple of state banking regulators to have the worksheet filled out in January (AL, OH). Others are asking that it be completed and submitted for review in Q1 (AR). To see how your institution may be impacted, an Internet search for "Ransomware Self-Assessment Tool" and your state should lead you to relevant information unless your state hasn't made a statement yet.
So, what is this remarkable new tool that's going to save your institution from the scourge known as ransomware? First, let's do a quick sanity check. The R-SAT is NOT a magical inline filter that plugs into your external firewall interface, immediately identifies all ransomware and unmercifully squashes it like the unholy vermin it is. Rather, it's a questionnaire designed to help you think about things you may not have thought of before regarding your network security posture. Sixteen questions are presented that cover areas like:
- What compliance framework(s) are you using, if any?
- What kind of controls and policies do you have in place?
- What types of data do you have (and where is it stored)?
- What assessments have you performed?
At this point you may ask, "How is that any different from any other audit or assessment I already do nineteen times a year?" Candidly, it's really not much different. However, have you ever taken an audit report and said, "Yeah, this shows me EVERYWHERE I'm vulnerable to ransomware!" Unlikely. And that is where the R-SAT differentiates itself. It helps you take information you may already have and consider it in a different context. And, like any self-assessment, the R-SAT is only going to be useful if you're completely honest with your answers. This isn't an attempt at playing "Stump-the-Chump"; the answers you provide can help your Risk, Compliance, and Information Security teams (or team, if all areas are handled by one group or person) get a better understanding of the areas that may require some additional focus, which should help your C-level execs and board members get an idea of how vulnerable (or not) your institution is.
At this point, if your interest is at all piqued, the best idea would be to download the R-SAT and start filling it out. You can find it at https://www.csbs.org/ransomware-self-assessment-tool. Happy hunting!
Authored by: Rich Whyrick, MCP, ITIL, Security+