CRA/InfraGard Study: Critical Infrastructure Organizations Struggle to Fight Ransomware

NEW YORK, UNITED STATES: Critical infrastructure companies continue to struggle when it comes to identifying, responding to and recovering from ransomware attacks, according to a new survey from CRA Business Intelligence, the research and content arm of cybersecurity information services company CyberRisk Alliance.

The survey assessed malware and ransomware readiness among 380 security practitioner members of InfraGard, a nonprofit public-private partnership between U.S. businesses and the FBI. Respondents represented the manufacturing, chemical, healthcare, and financial services sectors.

Sponsored by technology solution providers eSentire and Palo Alto Networks, the survey mapped its questions to the five functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, and Recover), the industry's benchmark; results were aggregated into readiness/resilience scores for each function, as well as an overall composite score.

Among the findings:

When it comes to identifying and protecting systems, assets, data, and capabilities against ransomware and other destructive incidents:
• Only 28% of organizations said they had established integrity baselines of files and systems to monitor for potentially suspicious changes.
• Similarly, only 24% of respondents said they can enforce configuration baselines and policies on target systems throughout their environment, including systems with yet-to-be-mitigated vulnerabilities.

Regarding financial services and insurance firms’ progress in their capabilities to detect and respond to ransomware and other destructive events:
• 43% said they have implemented a formal crisis management program that identifies internal stakeholders, legal teams, and enforcement agencies.
• Interestingly, 10% have no plans to create such a capability.

The best way to recover from a ransomware attack for many organizations is to have a trusted backup. To that end:
• Only 40% of healthcare organizations have the full ability to back up their data and restore from those backups in priority order, while 45% can protect their backup files and ensure those files remain unaltered.

“Detection of lateral movement is difficult without proper staff or tools,” said a respondent from the financial services/insurance industry.

Top Gaps
Following is a summary of the top security gaps cited by companies in financial services and insurance, healthcare, chemical and critical manufacturing:

Identify & Protect:
• Enforcing configuration baselines/policies on target machines across the enterprise with unresolved vulnerabilities
• Establishing integrity baselines of files and systems to monitor change activity

Detect & Respond:
• Implementing forensics and analytics capabilities to discover the source and effects of any destructive event on data and enable security teams to make necessary changes
• Implementing mitigation and containment capabilities to limit a destructive event’s effect on the enterprise

Recovery:
• Implementing a corruption testing capability to verify the last known good state and oversee restoration of data to that state
• Implementing methods for reviewing and auditing security and crisis management programs for effectiveness and improvement
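Two of the gaps above rest on the same primitive: establishing an integrity baseline of files and systems (Identify & Protect) and verifying the last known good state before restoring (Recovery) both come down to recording digests and diffing a later snapshot against them. As an added example, not code from the CRA/InfraGard report or from either sponsor, the following Python records a SHA-256 baseline of a directory tree and reports modified, added and removed files; the directory layout and sample files are constructed for the demo.

```python
"""File-integrity baseline: record SHA-256 digests of a tree as the last known
good state, then compare a later snapshot to report modified, added and
removed files. Added example; not code from the CRA/InfraGard report."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map each regular file (path relative to root) to its digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify drift from the baseline. Keep the baseline off-host or signed:
    a baseline an intruder can rewrite proves nothing."""
    both = baseline.keys() & current.keys()
    return {
        "modified": sorted(k for k in both if baseline[k] != current[k]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample tree: baseline it, alter it, and re-check."""
    root = Path(tempfile.mkdtemp())
    (root / "etc").mkdir()
    (root / "etc" / "app.conf").write_text("mode=safe\n")
    (root / "backup-01.tar").write_bytes(b"A" * 1024)
    stored = json.dumps(snapshot(root), sort_keys=True)  # what you would persist
    # Simulate drift: edited config, unexpected new file, missing backup.
    (root / "etc" / "app.conf").write_text("mode=unsafe\n")
    (root / "unexpected.bin").write_bytes(b"B" * 16)
    (root / "backup-01.tar").unlink()
    return compare(json.loads(stored), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run against a backup set, the same comparison answers the Recovery question directly: an empty "modified" and "removed" list means the set still matches the state recorded when it was taken.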

The full research report is available for download here.