CISA, NIST Ransomware Protection Guides Highlight Simple Solution

October 19, 2020
Guides Recommend Best Practices for Ransomware Protection as Threats Rise

Two recent guides to ransomware protection and response have been released by the US Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST). Both agencies have outlined plans to protect businesses from cyberattacks like ransomware and help guide a smooth recovery if a company is affected by a cyberattack in a rising threat landscape.

Danger is Increasing

The timing couldn’t be better – ransomware attacks have been ratcheting up around the world. We report on ransomware every week in The Week in Breach, and it’s become our most common incident of this year. Research bears that out – ransomware attacks have grown by an eye-popping 715% year-on-year and are surging in every sector. This comes on the heels of a more than 660% increase in phishing email in 2020, the most common delivery system for ransomware.

What to Expect When You’re Expecting Ransomware

CISA’s two-part “Ransomware Guide” is designed to provide an overview of ransomware threats, including a list of guides and resources available through other federal agencies. It also includes a checklist to guide a ransomware response operation. The clear, step-by-step presentation makes a great starting point for teaching business owners why ransomware is such a dangerous threat.

The guide also packs some no-nonsense advice. It offers an excellent look at how a company gets hit with a ransomware attack, what might be impacted, and how to start mitigating the damage. It also includes some common sense warnings that the non-tech-savvy might need, like making it clear that paying the ransom does not mean that you’ll get your data back or it won’t be copied or released.

So You’ve Opened the Wrong Email…

The NIST guide, “Data Integrity: Recovering from Ransomware and Other Destructive Events,” takes a more holistic view. While ransomware is still the star of the show here, it also explores other disasters that businesses can face. This guide focuses on maintaining data integrity, and it offers thorough, detailed explanations with screenshots of ransomware and other malware attacks.

This publication is significantly more focused on recovering from a cyberattack than preventing one. It also includes clear, easy-to-follow flow charts delineating the steps that IT teams need to take in order to mitigate damage and start recovery quickly. The National Cybersecurity Center of Excellence at NIST deliberately used commercially available and open-source tools to devise solutions that any business can use.

Both books agree: ransomware attacks are preventable, and you don’t have to spend a fortune to do it. CISA’s guide includes a section on federally available resources to help businesses avoid getting clobbered by a ransomware attack. NIST also includes information on how to assess a company’s risk for ransomware and how to put protection in place against it. And everyone acknowledges how greatly COVID-19 and the sudden transfer to a remote workforce have impacted business cybersecurity.

More Expensive Doesn’t Mean Better

There’s one common theme presented as a sure-fire way to reduce a company’s risk, and our research bears out the same results: phishing resistance training. Increased cybersecurity awareness and phishing resistance through regular training is a proven winner that reduces a company’s chance of being impacted by a cybersecurity nightmare by 70%.

But not all training solutions are created equal. BullPhish ID is a dynamic, flexible phishing resistance training solution that packs all of the components you need into one library containing more than 80 preloaded “set it and forget it” phishing campaign kits in 8 languages, including video and online testing to measure retention. Four new kits are added every month to keep staff training fresh on the latest threats, including COVID-19 related scams.

We’ve made sure that BullPhish ID is ideal for remote or in-office training. Remote workers are more likely to have trouble identifying phishing emails, so frequent training that can be handled remotely is key to improving their performance, since skills gained from training only last about 4 months.

Downloading both guides provides a helpful resource to use as IT departments start finalizing their 2021 cybersecurity strategies. Add BullPhish ID to that plan right now, because phishing and ransomware are at an all-time high this year – just ask Twitter. In a growing threat atmosphere and a shrinking economy, every business needs all of the help that it can get to stay out of danger.