A few months ago, the National Institute of Standards and Technology (NIST) released a draft framework for ransomware risk management. But it's not the only publication on such threats, as the institute has also produced a guide recently on how MSPs should protect data from ransomware and other data loss events.
NIST divides this guide for MSPs into several sections:
Identify the most sensitive files to be backed up, as well as which back-up files need to be secured offline. In addition, organizations should have their own back-up, independent of the MSP. In this regard, NIST recommends following the 3-2-1 rule:
- Keep three copies of any important files: one primary and two back-ups.
- Keep the back-up files under two different storage media.
- Store one copy offsite.
Determine and plan recovery times (RTO) to minimize impacts on business operations.
Be aware of any regulatory data retention requirements.
Keep a set of offline systems outside the business network and have a separate network located outside the office in case the business network is not available.
Have a data recovery "go bag" ready, ideally containing a copy of critical data and security keys written in physical format.
- Testing and monitoring:
Verify that back-up files are intact and up to date.
Test the automatic response and recovery times for back-up files.
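The 3-2-1 rule and the integrity and updating checks above can be audited automatically against a back-up inventory. The following is an added example, not code from the NIST guide; the `Copy` record, the `audit` function, the seven-day freshness window and the sample inventory are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Copy:
    role: str             # "primary" or "backup"
    medium: str           # e.g. "disk", "tape", "cloud"
    offsite: bool
    content: bytes        # stands in for the stored file (constructed sample)
    recorded_sha256: str  # digest written down when the copy was made
    taken_at: datetime    # last time the copy was refreshed

def audit(copies, now, max_age):
    """Return findings for one protected file; an empty list means it passes."""
    findings = []
    primaries = [c for c in copies if c.role == "primary"]
    backups = [c for c in copies if c.role == "backup"]
    if len(primaries) != 1 or len(backups) < 2:
        findings.append("3-2-1: need one primary and two back-ups")
    if len({c.medium for c in backups}) < 2:
        findings.append("3-2-1: back-ups are not on two different media")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no copy is stored offsite")
    for c in backups:
        # Re-hash the stored copy instead of trusting the primary, which
        # ransomware may already have encrypted.
        if hashlib.sha256(c.content).hexdigest() != c.recorded_sha256:
            findings.append(f"integrity: {c.medium} copy no longer matches its digest")
        if now - c.taken_at > max_age:
            findings.append(f"updating: {c.medium} copy is older than {max_age.days} days")
    return findings

# Constructed sample inventory: the tape copy is stale, the cloud copy was altered.
NOW = datetime(2021, 11, 1, tzinfo=timezone.utc)
WEEK = timedelta(days=7)  # assumed freshness window
GOOD = b"customer ledger v42"
DIGEST = hashlib.sha256(GOOD).hexdigest()
SAMPLE = [
    Copy("primary", "disk", False, GOOD, DIGEST, NOW),
    Copy("backup", "tape", False, GOOD, DIGEST, NOW - timedelta(days=30)),
    Copy("backup", "cloud", True, b"\x00encrypted\x00", DIGEST, NOW - timedelta(days=1)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, NOW, WEEK):
        print(finding)
```
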
- Capabilities and technology:
Integrate the most appropriate storage technologies in a balanced way, taking into account the needs and resources of the company: a 100% Cloud model is not secure against hackers and is highly dependent on network connectivity, while a local storage model also carries risks due to lack of off-premises availability.
Consider encrypting files, both online (using HTTPS connections) and where they are stored physically and in back-ups.
Adopt an IT architecture for MSPs that takes into account the above advice and other practices listed in NIST’s Deployment Recommendations in its ransomware recovery guide. The diagram below illustrates a typical model:
The guide concludes that these recommendations are a big help to MSPs in mitigating the impact that ransomware can have on their data and, therefore, on their customers' important information. Following them enables organizations to minimize any damage caused by incidents such as BlackMatter, the latest "ransomware as a service" (RaaS) tool, and threats targeted at large companies and organizations that have hit critical infrastructure as well as the food and agriculture sector in the US. In this regard, US agencies have recommended adopting several measures, in addition to the data back-ups we have discussed, such as deploying advanced protection technologies for endpoints, and always using strong passwords with multi-factor authentication (MFA).