Eighty-eight percent of government agencies have experienced at least one cyberattack in the past two years. Why? Public sector organizations offer an abundance of sensitive data for hackers, including social security numbers, confidential health and finance records, and valuable intellectual property. The number of ransomware and cybercrime events aimed at government agencies will only continue to grow. Such attacks cost organizations an average of 21 days of downtime and 287 days to fully recover.
The days are gone when an agency could install a cybersecurity solution and stop worrying; unfortunately, antivirus programs can easily be bypassed. Even if organizations implement the latest and greatest solutions, they may leave some holes that they thought they had secured. The fact is that there are a whole host of things that agencies need to do to really protect themselves now, including repetitive training and education of end users. There are also a number of technological solutions that agencies can use to protect their data.
If your systems don’t perform logging, then when malware hits your organization, you cannot tell where it originated or how it is spreading. Central logging is particularly important. Hackers who get onto a local system may be able to alter its logs to cover their tracks, but unless they also gain access to the central logs, an agency can still trace where they have been. Finding the initial source of an attack is essential, yet agencies often can’t locate it until they start working through the logs.
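The point above, that a central copy of the logs exposes tampering on the local host, can be checked mechanically. The following is an added example, not code from the original article or from Otava: the collector keeps a hash chain over the lines it received, and a verifier compares the host's current log against that chain to find the first line that was altered, deleted, or never forwarded. The log lines and host names are constructed sample data.

```python
import hashlib

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    "2024-01-01T00:00:01Z host1 sshd: Accepted password for svc from 10.0.0.5",
    "2024-01-01T00:00:02Z host1 sudo: svc : TTY=pts/0 ; COMMAND=/bin/bash",
    "2024-01-01T00:00:03Z host1 kernel: new process /tmp/update.bin",
    "2024-01-01T00:00:04Z host1 sshd: Accepted publickey for admin from 10.0.0.9",
]


def chain_hashes(lines, seed="genesis"):
    """Return one digest per line; each digest covers the line and the previous digest,
    so changing, removing or reordering any line changes every digest after it."""
    digests = []
    prev = hashlib.sha256(seed.encode()).hexdigest()
    for line in lines:
        prev = hashlib.sha256((prev + "\n" + line).encode()).hexdigest()
        digests.append(prev)
    return digests


def ship_to_central(lines):
    """Simulate log forwarding: the collector stores the lines and computes
    the chain itself, so the sending host cannot supply forged digests."""
    return {"lines": list(lines), "digests": chain_hashes(lines)}


def first_divergence(local_lines, central):
    """Index of the first line where the host's log disagrees with the central copy,
    or None when both copies match exactly."""
    local_digests = chain_hashes(local_lines)
    for i, digest in enumerate(central["digests"]):
        if i >= len(local_digests) or local_digests[i] != digest:
            return i  # line i was modified or deleted, or the local log was truncated here
    if len(local_lines) > len(central["lines"]):
        return len(central["lines"])  # lines appended locally that the collector never saw
    return None


if __name__ == "__main__":
    central = ship_to_central(SAMPLE_LOG)
    # An intruder on host1 removes the line recording the suspicious process.
    scrubbed = SAMPLE_LOG[:2] + SAMPLE_LOG[3:]
    idx = first_divergence(scrubbed, central)
    print("local log diverges from central copy at line", idx)
    print("central copy of that line:", central["lines"][idx])
```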
The well-known SolarWinds attack could have been mitigated or even prevented if the company had used stronger passwords, role-based access, and multifactor authentication. Multifactor authentication, in particular, adds an extra layer of protection: even if an attacker manages to harvest credentials, they still lack the additional factor needed to access the target account, which is usually outside the attacker’s control.
Incident Response Team
It’s important to have a team in place to respond in case of an incident. Your organization needs to know not only who is on such a team, but also what each person is responsible for. The team should meet regularly, test backups, and do tabletop simulations; they should have a plan in place if the agency encounters ransomware. The incident response team should include representatives from all your organization’s stakeholders to make sure you have a workable plan to get back online as soon as possible.
Copies of Your Data
Backups are absolutely mission critical to the overall functioning of the organization. Experts recommend keeping three copies of your data on at least two different forms of media: spinning disk, SSD, or NVMe drives paired with tangible disk or tape. One copy should be off site; make sure that backups flow from on premises to a cloud server, which either makes that off-site hop directly, lands the data and then copies it onward, or simply moves the entire backup chain off site. This ensures geographic separation of the data.
When ransomware was new and attackers started encrypting files, nobody anticipated it. If you didn’t have good backups, then you were in a bind. Agencies run the same risk today if something newer than ransomware comes out and gets past all their defenses. Everyone needs to have a good backup strategy so that they can recover if something does get through.
It’s critical to test the backups. Make sure you have a plan in place to test them daily, weekly, or monthly. Your daily backup routine should include everything: your email, the app server you were developing on yesterday, and all the unique data that needs to be available to end users. At the end of the day, recovering from a ransomware attack usually comes down to whether you have a good backup and recovery strategy.
Zero Trust means treating every network identity as a potential threat. Once you start thinking that way, you can break down where you need to focus your attention. Zero Trust came about because cybersecurity used to focus primarily on perimeter protection. But the perimeter, the edge, is now more distributed than ever, and most recently because of Covid—with so many people working from home—the perimeter has disappeared in many ways. Zero Trust reminds agencies that it’s important to secure endpoint devices, not just on-premises devices, and to perform some sort of posture check somewhere along the path whenever data is accessed.
View our webinar to learn more about how Otava can support your cybersecurity missions and help your agency reduce public sector-specific risks by understanding today’s cybersecurity climate.