Develop and implement appropriate activities to detect the occurrence of a cybersecurity event. This requires organizations to implement processes and technologies that support real-time monitoring of their environment for a cyber attack such as a ransomware attack. Once it has breached an organization, ransomware needs only a few hours to encrypt and/or cripple IT systems, typically halting critical operations. In the case of healthcare providers, this can lead to loss of patient life.
The resources listed below can be used to aid your organization with developing and implementing appropriate activities and technologies to detect the occurrence of a cybersecurity event.
User Awareness Training
User awareness training helps every employee in your organization to better recognize, avoid, and report potential threats that can compromise critical systems via known attack vectors, including phishing and ransomware. MITRE’s “Suspicious” program illustrates how to educate and incentivize users on how to avoid email-borne malware.
Monitor Threat Intelligence
Whenever possible, defenders should monitor public and private intelligence sources to keep abreast of the latest threats their organizations may face. This can both inform defensive preparations in advance of a ransomware attack and alert an organization that an active campaign is targeting its sector, so that cyber defenders can take the necessary steps for increased vigilance.
Cyber Analytics Repository (CAR)
CAR is a knowledge base of analytics developed by MITRE and based on the MITRE ATT&CK adversary model.
NIST Data Integrity: Detecting and Responding
The National Cybersecurity Center of Excellence (NCCoE), in collaboration with members of the business community and vendors of cybersecurity solutions, has built an example solution to address data integrity challenges. This project details methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It also identifies tools and strategies to aid in a security team’s response to such an event.