CISA's latest ransomware warning promotes fighting social engineering at the top of the document, once again



CISA-StopRansomwareSo, today CISA released another ransomware notice. The Cybersecurity and Infrastructure Security Agency is an agency of the United States Department of Homeland Security that is responsible for strengthening cybersecurity and infrastructure protection. 

When CISA first started doing public ransomware advisories years ago, fighting social engineering was rarely mentioned as a defense, despite the fact that they had identified social engineering as the main way ransomware exploited customers. Now, security awareness training is in the top 3 of every CISA and FBI ransomware warning. We'd love it to be number one, but we can take it as a win. This is a zoomed-in picture of the top right box:

 

CISA-actions-to-take

We're not sure how much Roger Grimes was involved in this outcome, but he did bug CISA every single time he came across a CISA or FBI warning that did not include SAT as a top defense. 😄
 
Here are the top three defenses that he's been recommending, with varying details, in every KnowBe4 webinar he has given for years. 
Grimes-top-three-defensesTo be sure, we don't know if we had anything to do with CISA's top 3 recommendations, they do not tell us anything about those decisions, but we like to think our nudges helped. 
 
Here is the link to the CISA #StopRansomware Advisory:

Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cybercriminals have become thoughtful; taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network reading email, finding data troves and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

GoneNuclear-WEBINARJoin us for this webinar where, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/nuclear-ransomware

Topics: Ransomware



Subscribe To Our Blog


Free Phishing Security Resource Kit




Get the latest about social engineering

Subscribe to CyberheistNews