Ransomware: 3 Habits for Improving Municipal Ransomware Defense


Security experts should dispel common myths and develop these new habits for making cyber defenses more accessible.


Heading into town hall this morning, a civic leader from one of the approximately 19K incorporated US municipalities likely heard about another ransomware attack taking down a counterpart’s municipal services. The report probably recalled a large city like New Orleans, Baltimore, or Atlanta, where ransomware recently disrupted public services for far too many days and incurred recovery costs estimated in the millions, if not billions, of taxpayer dollars. As the news story continues with a cybersecurity expert discussing abstract concepts like “cyber hygiene” or “basic security controls,” the official silently laments the fact that those cities have exceptional technology budgets that total hundreds of thousands of dollars.


Based on my observations in the northeast US combined with national municipality size data, that town official is more likely to represent one of the approximately 90% of small municipalities that have no more than two IT staff. Worse yet, the town may fall into the bottom third of municipalities that lack a single dedicated IT professional, instead distributing IT functions as secondary responsibilities to other civil servants.


Normal business posture would be to have one dedicated security professional for every nine or so IT staff. So, only officials in the largest US cities can follow standard advice to “hire an expert.” Instead, most civic leaders must wonder if they can do anything with the available resources to keep from being in the next ransomware news report.


About one third of the over 19K US municipalities may have no dedicated IT staff. Photo by Michael Figueroa

Municipalities can improve cyber defenses despite very limited budgets. To do so, cybersecurity experts need to correct bad habits that contribute to overwhelming non-security professionals and perpetuating organizational weaknesses.


Those bad habits center on our tendency to evangelize absolute security control approaches that dismiss context and discount the underlying complexity of the problem space. We continue to fail not just municipal leaders, but also school superintendents, police and fire chiefs, non-profit directors, small business owners, and other similar small and civic organizations, when we push a narrative that belittles the cyber defense challenges that they face. Rather than blaming those who lack access to security expertise for their failure to budget for or implement what the community considers to be basic defenses, we need to learn how to help municipalities bootstrap cybersecurity based on what they have readily available.


While I was teamed with municipal and state security leaders over several months as a volunteer advisor to a statewide municipal security effort, my colleagues often challenged what I consider to be standard recommendations. To reframe my perspective of the obstacles town officials face defending against ransomware attacks, I developed three new habits for aligning my experience to the extraordinary constraints that most municipalities face.



Habit #1: Keep Recommendations Simple

Ransomware defense and response are complex exercises. The cybersecurity community often distills its recommendations into a set of vague control actions (backup, patch, and train) that even sophisticated organizations routinely fail to do well due to factors outside of their direct control. To best help resource-constrained organizations, we need to focus our efforts on areas where officials can most rapidly improve cyber defenses. That starts with simplifying our recommendations to what town officials can directly influence.


Those of us who have managed enterprise security programs know that effective system patching and security awareness training rely on too many uncontrollable variables to be more than secondary defenses. Patching depends on vendors repairing software and customers applying the fixes before hackers exploit vulnerabilities. Even when patches are available, applying them depends on personnel-heavy inventory and monitoring within a dynamic asset control environment. As for training, my discussions with security executives indicate that even the best trained organizations can maybe thwart 95% of phishing attacks, the most common vector for ransomware attacks. Most organizations should instead expect at least 1 in 3 users to be susceptible.


Rather, effective ransomware defense for most organizations begins and ends with backups. As a security control, backups are about the only recommendation that organizations can fully implement on their own. Also, it is the only one of the top recommendations that both helps the organization protect against ransomware attacks and respond to them.


Helping under-resourced organizations like municipalities simplify their decision-making empowers them with confidence that they can make progress despite their constraints. Though their efforts may be imperfect initially, that confidence will breed the long-term knowledge and control needed to maintain effective defenses in a rapidly-changing landscape.



Habit #2: Make Resources Accessible

Our bad habit of measuring progress in big bang accomplishments, or worse through the null proof of not failing, betrays a systemic inability to provide guidance that can actually help municipalities defend against and recover from ransomware disasters. Imagine how overwhelming it must be for well-intentioned civic leaders to know that they need help but lack the basis to understand what help they need. Criticizing town officials for inadequate budget or attention to security is condescending because those arguments dismiss how challenging it can be for them to sift through the breadth and volume of the available information to plan for the most appropriate course of action.


Working from the perspective that ransomware defense is as easy as sound bites imply, I challenged myself to find authoritative, comprehensive, unbiased resources that could help town officials accelerate their efforts. It proved to be a frustrating exercise to identify helpful resources to aid in backup and recovery planning. Government guidance, both at the state and federal levels, tends to be vague and idealistically comprehensive, lacking the detail that town officials need to get started. Expert guidance, even when not overtly sales-driven, tends to be too detailed and endpoint-oriented, lacking the structured decision-making workflow that town officials need to prioritize their efforts.


Technically, an organization can use built-in tools on just about any computer to back up data to a cloud service or connected external hard drive. Practically, business and mission owners have limited knowledge about and often insufficient access to the resources that they need to back up critical services. Even when officials have access, indiscriminate backups are cost-prohibitive for most municipalities and less likely to be verifiably correct.


To make cyber defenses more accessible, we need to do a better job at guiding town officials through the baby steps to help them build confidence in their capacity to improve their security postures. That more empathetic approach promotes the formation of new supportive habits of critically evaluating available resources against their dependencies to aid strategic decision making.


Here in Massachusetts, our early efforts curating resources to help municipalities prepare for ransomware attack culminated in a Municipal Cybersecurity Toolkit hosted by the MassCyberCenter at the Massachusetts Technology Collaborative. For more technical resources that municipal IT folks can leverage right away, check out the great work from the non-profit Global Cyber Alliance, and specifically, its Cybersecurity Toolkit for Elections. While focused on election infrastructure, I think the toolkit provides a great pathway for helping guide municipalities to resources they can quickly leverage to improve their cyber defenses.



Habit #3: Encourage Improvement through Repetition

As a youth soccer coach, I have learned from my players two key characteristics that breed long-term confidence and success in any activity. First, that motivation to engage comes from recognizing accomplishment. We naturally steer towards the activities that bring us contentment and away from those that confound us. Second, players improve most when given enough opportunity to practice that they develop the “muscle memory” for responding to complex conditions predictably and to execute useful skills more intuitively. Players may not succeed in every practice, but they get better with each repetition.


The first two habits support that first characteristic, encouraging town officials to take ownership over what they can individually accomplish based on what they have the power to influence. Cybersecurity can be overwhelming to those who don’t understand it. Pounding harder on town officials only strengthens the barriers that they need to overcome to begin making improvements. This third habit focuses on the second characteristic, leveraging our expertise to help put the official in a position to realize incremental improvement.


When conducted in game-like environments, practice reinforces actions that promote positive outcomes. The same is true for effective cyber defense, shown by the thriving market for tabletop exercise facilitation and cyber range wargaming. While even experienced cybersecurity executives reported gaining value from exercises that I have facilitated, I found that non-security professionals also gain incredible insight from well-designed cyber defense exercises. They may not come out with the technical experience to run everything themselves, but the practice enhances communications pathways to respond faster, aids security control prioritization to strengthen controls where they’re most needed, and identifies where new business processes are needed to improve decision-making.


Establishing a backup strategy to improve ransomware defense provides a good opportunity for municipalities to begin building their cybersecurity muscle memory. Whereas most security professionals would rightly suggest starting with a comprehensive inventory of the town’s systems and services as part of a standard Business Impact Analysis, I would have the town official start with a simpler exercise that gets a quick win and can be easily repeated.


For example, I suggest starting with a collaborative, incremental process to determine what resources the municipality most depends on to function and prioritizing early actions against backing up those most critical services. The town official should identify the 3–5 people that are most critical to function continuity. Regardless of role or position on the organization chart, there is usually a small number of staff members who everyone trusts to fix problems. They probably know the most about how the organization functions and the dependencies for delivering critical services, making them central to any defensive action. From there, set aside a few hours with the group to whiteboard those functions and dependencies to determine where backups make the most sense and prioritize actions based on available time and resources. The objective should be to establish an action plan against the highest areas of concern.


Under ideal conditions, I would suggest hiring an expert cybersecurity facilitator to conduct the session, capture results, and report out. But when resources are too tight to hire support, we should be able to provide some minimum resources that will help kick-start the process and build internal competency without specialized expertise. I found one simple template from the state of Oregon that I think municipalities can leverage to capture results from the session themselves to help determine initial backup needs. Then, by encouraging the town official to establish a regular meeting with that core group to repeat the exercise, we help the municipality build the “muscle memory” it needs to more effectively defend against ransomware attacks through practice.

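The whiteboard exercise described above (map each municipal function to the systems it depends on, score what is shared, then fit backup actions into the hours the core group actually has) as an added example; this is not code from the article or from any toolkit it mentions, and the function names, criticality scores, asset names and hour estimates are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    hours_to_backup: float            # effort estimate from the core group
    depends_on: list = field(default_factory=list)

# Constructed whiteboard output (not from the article); criticality is a 1-5 score.
FUNCTIONS = {"tax billing": 5, "payroll": 4, "permits": 3, "public records": 2}
ASSETS = {
    "finance server": Asset("finance server", 6, ["file share", "AD"]),
    "permit portal": Asset("permit portal", 4, ["finance server"]),
    "records db": Asset("records db", 5, ["file share"]),
    "file share": Asset("file share", 3),
    "AD": Asset("AD", 2),
}
FUNCTION_ASSETS = {"tax billing": ["finance server"], "payroll": ["finance server"],
                   "permits": ["permit portal"], "public records": ["records db"]}

def transitive_deps(asset, assets, seen=None):
    """Every asset `asset` needs, directly or indirectly."""
    seen = set() if seen is None else seen
    for dep in assets[asset].depends_on:
        if dep not in seen:
            seen.add(dep)
            transitive_deps(dep, assets, seen)
    return seen

def score_assets(functions, function_assets, assets):
    """Asset score = sum of the criticality of every function that stops
    working when the asset is lost, so shared dependencies score highest."""
    score = {name: 0 for name in assets}
    for func, crit in functions.items():
        for root in function_assets[func]:
            for name in {root} | transitive_deps(root, assets):
                score[name] += crit
    return score

def action_plan(functions, function_assets, assets, budget_hours):
    """Greedy plan: highest score first, cheapest on ties, skip what does not fit."""
    score = score_assets(functions, function_assets, assets)
    order = sorted(assets, key=lambda n: (-score[n], assets[n].hours_to_backup))
    plan, used = [], 0.0
    for name in order:
        if used + assets[name].hours_to_backup <= budget_hours:
            plan.append((name, score[name]))
            used += assets[name].hours_to_backup
    return plan
```

Re-running `action_plan` with the group's updated scores and estimates at each repeat of the session is the "muscle memory" loop; the plan changes as the dependency map gets more accurate.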

Translated from: https://medium.com/swlh/3-habits-for-improving-municipal-ransomware-defense-c4bd027cad7c


Source: weixin_26636643
