The Ransomware Task Force (RTF) is a group of high-profile security vendors who teamed up with the Institute for Security and Technology (IST) in December of 2020 to combat ransomware. Members include high-profile organizations like McAfee, Microsoft, and Rapid7 along with cyber advocacy groups such as the Cyber Threat Alliance and the Global Cyber Alliance. The CEO of IST, Philip Reiner, is optimistic about the team expanding its reach and impact, saying:
“We intend to work quickly. We’re looking to pool our resources and point out to people where they can get information about ransomware, plus have some clear ideas we can present in the form of new laws and funding required to combat ransomware.”
The experts who joined the task force felt it was critical for the industry to focus on combatting ransomware due to the increasing difficulty in recovering from these attacks. The RTF has put together what Sachin Bansal, general counsel of SecurityScorecard, calls the ‘Avengers’ of cybersecurity to proactively combat ransomware, and they’re hoping other high-profile organizations and individuals join the fight.
Now’s the time for the technology industry to work on the ransomware threat as attacks continue to increase in frequency and impact.
What does this mean for an SMB?
Work has been done in the past in an attempt to combat ransomware, but the task force’s main goal is to reduce the frequency and impact of these attacks. While the RTF does its work, your company cannot wait for a magic bullet. All businesses must take action to improve their cybersecurity and reduce the likelihood of falling victim to ransomware attacks. Therefore, your company must:
- Adopt two-factor authentication to prevent a password breach of your business’s VPN, email services, and any other critical service that is directly Internet accessible
- Adopt a password manager for all your staff to use personally and professionally to improve password hygiene
- Regularly back up all your critical and sensitive data following the 3-2-1 backup method
- Train employees on how to spot and avoid phishing attacks – the primary way ransomware attacks occur
- Test employees on their training to validate they can spot and delete rather than click and succumb to a ransomware attack
- Have a documented and tested Business Continuity and Disaster Recovery (BCDR) plan
There are many other protective measures that go into a robust cybersecurity program, including performing a risk assessment, building a risk management framework, and implementing various technical protections. Learn all about these and start building your robust defense-in-depth cybersecurity plan at CyberHoot.