Unified Security Readiness During the Election Season

Posted on by Chris Dawson, Doug Palermo and Garrett Guinivan

Elections are the backbone of American democracy. Every vote counts, and agencies can help protect the integrity of voting by solidifying IT security. Keeping hardware and software updated is vital for successful cybersecurity. Through proper training and inter-organization communication, security industry leaders and Government agencies can help raise awareness on election-related issues.

Cyber Threat Landscape and Security Challenges in Modern Elections

By taking advantage of interest in elections, bad actors use common and highly trafficked websites to distribute remote access tools, allowing them to exfiltrate massive amounts of data. Traffic distribution system (TDS)—which are utilized to target ads to users, their search history and their location—are used by bad actors to push pop-up ads that prompt users to update their computer system or software. These pop-ups, hidden in TDSs, install ransomware and malware on the user’s device when clicked, making them difficult to find and fix. There is an uptick in these non-stop, ubiquitous attacks every election cycle. Bad actors target users that visit websites to stay updated on election news through pop-ups, phishing, web browser alerts and website subscriptions. All these methods lead users to socially engineered, compromised websites. However, agencies can prevent cybersecurity attacks at the office and at home by administering relevant security awareness training as part of a Human Risk Management Program.

Optimize Company Training on Security Awareness

ProofPoint Election Security Blog Embedded Image 2024

Employees trust their organization as a valuable source of security information. Therefore, it is important that agencies communicate training and awareness effectively to all users. Some anti-phishing modules rely on realignment methods such as enrolling employees for anti-phishing training after they are misled by these kinds of threats. This can create an environment where employees question whether to alert IT when they click on false updates or phishing scams. Instead, agencies can focus on promoting positive behaviors such as congratulating employees who report phishing attempts, small bite sized trainings, and focused awareness campaigns around threats in the landscape. Here are several ways agencies can support their employees in learning and implementing security best practices during this election season:

Focus on real-time awareness: Agencies should prioritize keeping employees up to date on live threats. Traditionally, users were encouraged to keep systems up-to-date by accepting update notices. Now, to keep systems up-to-date while simultaneously discouraging pop-up clicks,

Contextualize email warning tags (EWTs): Emails are a great way to communicate awareness surrounding popular hacking methods. Including banners or visual cues, such as color themes, can help employees recognize company emails, giving them pause when faced with phishing threats. During election cycles, newsletters should focus on deepfakes and their effect on elections.

Utilize modules on demand: People trust their tech company or Government agency’s knowledge more than the news. Security awareness modules, training modules and weekly reminders can all help raise awareness among employees. By allowing users to access education modules at their own pace, agencies can pass on valuable knowledge in a way that is pressure and judgement free.

Focus on relevant topics: Modules should be relevant to employees. For example, training modules should be specific to each user’s job role. Short, one-to-two-minute targeted modules that hold the viewer’s attention can be more valuable than long, untargeted modules. During election cycles, the best modules cover election security, fake updates and safe browsing habits.

Teach at the trainee’s level: Agencies should meet employees at their level. Training should be tailored differently for users who may have more experience using the internet on a regular basis and users who did not have internet as a daily part of their education. Agencies must communicate with employees on security strategies, especially those with higher permission access.

Through all these methods, agencies should focus on the good, positively reinforcing employees and building trust between the individual and their organization.

Transform Company Culture Through Transparent, Unified Security

Focus on the Why: To protect from fake updates and phishing scams, organizations can implement training and assessment strategies into their work culture. Transparency is key: by explaining the purpose of phishing simulations, employers can get employees on board with cybersecurity training. Agencies can use realistic, election-themed phishing simulations during module assessments, which work best in real-time scenarios rather than during training. By monitoring results, agencies can gauge whether users are adequately equipped with the knowledge to report threats within simulations.

Encourage Feedback and Build Trust: By checking in with users after training modules and simulations, agencies can ensure the training has resonated with users, as well as ensuring users do not view trainings as punitive action. The most important part to training simulations is that employees report phishing or pop-up scams to their organization, regardless of if they clicked on them or not. Trainers and leadership teams should use positive reinforcement as corrective behavior to encourage employees to better understand modern scams and how to spot them. It is important to establish that the employee is not in trouble, lest they feel that they cannot report future scams to the organization. Instead, training administrators should build conversations around the reason for clicking. Whether or not the employee was in a hurry, if they had specific training, if they need help or if scams were fallen for at a particular time of day are all valuable information points for preventing future oversights.

Creating a Security Culture: Visual aids placed in common areas are also a valuable learning reinforcement because repetition can help employees remember the most important details surrounding security. Common-sense posters and announcements can be placed in elevators, breakrooms and even on the back of bathroom stall doors. Additionally, agencies should administer regular updates and ongoing education through newsletters, and programming should be consistent and personable. Agencies can:

Send reminders
Share real-world examples
Encourage discussion
Provide easy action items (such as restarting computers daily)
Provide resources for learning and reporting

Unity is key to transforming organizations’ culture, creating awareness around digital hygiene and cybersecurity. Ultimately, repetition, consistency and discussion can help users stay safe and protect the organization from phishing, pop-up scams and other cybersecurity related risks during the election cycle.

To learn more about election security readiness, visit Proofpoint and Carahsoft’s webinar, Navigating the Cyber Threat Landscape: Election Scams. To learn more about Proofpoint’s Human Risk Reduction Solutions, please visit their website. Check out Proofpoint and Carahsofts’ past webinars into the cyber threat landscape.

EdTech Talks: A Comprehensive Look at Security in Education for Safe Learning Environments

Posted on by Tim Boltz

Emerging technologies today are providing K-12 schools and higher education institutions with the capabilities to support seamless and secure campus efforts, which ensures protection of academic environments as well as students, faculty and staff. Remaining vigilant, versatile and adaptable in the current education landscape, especially when it comes to security and student safety, are the most important considerations for education leadership when deciding what new solutions and integrations to incorporate into their schools.

Carahsoft’s annual EdTech Talks Summit brought together industry and education thought leaders to explore three tactical learning tracks: safety for the learning environment, the impact of technology on student growth and development, and modernizing education with artificial intelligence (AI) and machine learning. During the first day’s discussion, speakers provided insights into building safe learning settings with a comprehensive look at both cyber and physical security in education.

Analyzing Current Security Risks

Education institutions face a myriad of cybersecurity challenges such as ransomware, third-party access to school systems, internal bad actors and stolen credentials. One of the most impactful vulnerabilities is a lack of awareness across school communities regarding security. For example, individuals who are unable to recognize a phishing text message that asks the receiver to click on an unsafe link because an account has been frozen may potentially put their own data and their school’s data at risk of exposure.

While cybersecurity is one of the most important aspects of cultivating a successful learning environment, it is just as important to consider physical security for a safe learning environment. Building and campus surveillance, visitor management monitoring, lock down and fire drills, active shooter and crisis management are among some of the ways schools provide personal security for students and staff. With so many aspects of security to manage, schools also must balance being open, inclusive and engaging with communities and culture to provide more expansive learning opportunities while simultaneously protecting against threats on limited budgets.

Protecting Against Cyber Threats in the Modern World

For improved security, educators and industry leaders must collaborate to take proactive measures to safeguard digital infrastructure, data and physical campuses. The best place to start is by ensuring the fundamental standards of cyber defense are in place, functioning properly and are continuously monitored and modernized. This includes solutions and processes such as:

Utilizing multi-factor authentication (MFA) whenever possible
Email and phishing security to avoid ransomware
Maintaining a high standard of digital hygiene through services such as patching and vulnerability management
Creating robust and resilient backup strategies for all data at endpoints and in the cloud
Performing recovery testing to ensure backups and other operations are working accordingly
Providing resources and trainings to engage with school communities to raise awareness of ways students and teachers can defend themselves against physical and cybersecurity threats
Implementing a “see something, say something” mentality across school communities to ensure all potential risks are reported and mitigated
Hiring IT staff and educators who are passionate about the security and safety mission set forth by an institution and allow them to provide new ideas and innovation
Investing in quality cyber insurance to protect institutions against setback from a ransomware attack
Conducting frequent audits to ensure school’s systems are compliant with the latest policy requirements and standards in the case a claim must be made

Security Implementation for Institutions

Industry and education experts alike understand the importance of providing a safe space for all students, whether inside schools or online, and continuously aim to make sure their experience is as productive and valuable as possible. Particularly within higher education, many universities and colleges have individual point solutions that they have integrated into their systems to solve very specific problems, creating a disconnected mixture of security infrastructure. Security must be designed with students in mind and a way that provides optimal learning, collaboration and inclusion—technology can help achieve this imperative goal.

As Government and education sectors continue to move toward cloud environments, managing a multitude of products and solutions can become cumbersome and difficult to regulate security. To combat this, consolidation of products to create increased visibility, automation and agility are key for transforming a current infrastructure to be more successful and produce actionable insights.

Visit the EdTech Talks Conference Resource Center to view panel discussions and other innovative insights surrounding security, AI and student success from Carahsoft and our partners.

About Carahsoft in the Education Market

Carahsoft Technology Corp. is The Trusted Education IT Solutions Provider™.

Together with our technology manufacturers and reseller partners, we are committed to providing IT products, services and training to support Education organizations.

Carahsoft is a leading IT distributor and top-performing E&I Cooperative Services, Golden State Technology Solutions, Internet2, NJSBA, OMNIA Partners and The Quilt contract holder, enhancing student learning and enabling faculty to meet the needs of Higher Education institutions.

To Learn more about Carahsoft’s Education Solutions, please visit us at http://www.carahsoft.com/education

To learn more about Carahsoft’s Cybersecurity Solutions please, visit us at https://www.carahsoft.com/solve/cybersecurity

Applications of Technology in Higher Education at EDUCAUSE

Posted on by Tim Boltz

Technology advancement has resulted in many potential usages for university students and faculty, educational and research institutions and Government agencies. For agencies focused on higher education, taking advantage of new technology can help bolster security and ease student and faculty daily procedures. Industry and education experts joined together at the EDUCAUSE Annual Conference for an immersive experience that facilitated collaboration and discussion to promote the advancement of higher education by using information technology (IT).

Leveraging Security Technology Against Ransomware

With the increasing technology usage in everyday life, many higher education agencies are susceptible to cybersecurity threats like ransomware. The education sector is no exception, with attacks ranging from exploited vulnerabilities, to compromised credentials, malicious emails, phishing attempts, brute force attacks and malicious downloads. As ransomware comes with financial loss, it is important for higher education agencies to invest accordingly in cybersecurity. According to industry statistics, 70% of organizations have successfully recovered data using backup mechanisms. This data recovery is not only much simpler than paying the ransom, but it also removed the attack incentive since paying the ransom encourages bad actors to continue attacks. Higher education institutions own and maintain a significant amount of intellectual property as a source of data wealth and research. To protect this information and ensure the safety and financial success of educational institutions, higher education must focus on creating backups and position IT security staff as trusted advisors, fortify their cybersecurity infrastructure and foster a vigilant culture amongst students and faculty.

Digital Services in Education

With a strong cybersecurity base, universities can reap the benefits of both external and internal digital services. External market data can be used to predict internal performance. Data can help define popular markets, from student demand for majors, future employment opportunities and university competitor information. Educational institutions can utilize technology to analyze data and make millions of calculations in a minimal amount of time. With these predictive analytics, education administrations can make informed decisions when forecasting program sizes, enrollment numbers, scholarships and revenue margins.

Universities can utilize digital applications to offer user-friendly functions to support faculty and students with daily tasks such as helping locate class schedules, campus maps, facility wait times, task notifications and other essential remedies for success. Digital applications with collaboration tools and platforms can connect peers and faculty members in a simple and pragmatic way, facilitating communication on projects and learning objectives. On the administrative side, digital services can reduce time spent by automating functions such as credit transfers and transcript evaluations. Institutions can also utilize digital applications to offer automated aid for student requested services, which reduces call center wait times, manual processing errors and delayed accommodations.

The Varied Applications of AI

In the educational space, AI has a multitude of use cases:

AI can detect cyber threats and vulnerabilities, thus protecting student, faculty and stakeholder sensitive information.
By facilitating the automation of routine security tasks, patches and system updates, AI can free up more time for cybersecurity professionals to focus on more complex initiatives, thus creating a more robust security infrastructure.
Schools can utilize AI’s advanced authentication mechanism to prevent unauthorized access to sensitive data and provide seamless account access for students, faculty and staff.
Institutions are currently using AI to understand the best methods for student retention, a common concern in higher education. Methods such as text-based chat apps are designed to send encouraging messages, tutoring or counseling to students who have been identified as needing additional resources. Text applications can also be used to connect students to enrollment services, tutoring or counseling.
AI’s use of data analytics can facilitate customized learning experiences based on each student’s strengths, weaknesses and learning pace. This includes tailored content, question and answer chatbots and virtual assistants.
Adaptive learning platforms powered by AI can assess individual student performance and deliver tailored content, allowing students to grasp complex concepts at their own pace. This personalized approach enhances student engagement and motivation, ultimately leading to improved academic outcomes.

Since AI will always contain human bias, it is important to apply AI as an additional tool, and not a standalone operation. In maintaining the priority for equality and privacy in the educational sphere, each individual institution must find where AI best fits into their respective organization.

Technology can be utilized to enhance cybersecurity infrastructure, detect compromised systems, analyze data to improve common educational institution functions and improve student performance and morale. By partnering with the IT industry, higher education institutions can posture students and faculty to lead the way to success for the next generation of learners.

To learn more about utilizing IT for education initiatives, view Carahsoft’s Education Technology Solutions Resources.

About Carahsoft in the Education Market

Carahsoft Technology Corp. is The Trusted Education IT Solutions Provider™.

Together with our technology manufacturers and reseller partners, we are committed to providing IT products, services and training to support Education organizations.

Learn more at http://www.carahsoft.com/education

The Evolving Landscape of Cybersecurity in the Healthcare Sector

Posted on by Tim Boltz

As the nation becomes increasingly interconnected through technology, industries are also utilizing new technology to meet patient expectations for quick diagnoses and access to results. However, when this technology usage includes personal or healthcare data that may be sensitive for patients or health systems, cybersecurity becomes paramount and necessitates the implementation of new cyber standards. The Healthcare Information and Management Systems Society (HIMSS), a global society focused on information and technology in the health ecosystem, held its annual HIMSS 2023 Healthcare Cybersecurity Forum in September. Here, industry professionals converged to innovate and discuss strategies for safeguarding the healthcare sector against cyber-attacks. To protect against breaches, the healthcare system must integrate and scale to achieve a more connected technological landscape across the industry to better serve patients.

Ransomware and Cybersecurity in Healthcare

By connecting and improving interoperability between healthcare systems/EHR platforms, overall patient service is improved; however, with features such as digital integration, migration to the cloud and the incorporation of remote workers, cyber vulnerability has simultaneously increased. Bad actors oftentimes target healthcare agencies with ransomware for hire. With the increased capabilities of artificial intelligence (AI), even inexperienced bad actors can create sophisticated and dangerous attacks. Due to the immense financial loss of these attacks, it is vital that agencies prioritize cybersecurity. Hospitals, other healthcare centers, and especially their third-party stakeholders, now face a new barrage of ransomware attacks and data breaches.

There are a couple of steps administrators can take to protect hospital systems, patients and stakeholders.

Implement ‘Security-by-Design,’ a strategy where providers ensure that all products are secure by design and default, with all IT solutions and enterprise environments.
Maintain pace with the evolution of artificial intelligence (AI) and utilize it to defend against bad actors.
Standardize a detailed incident response plan that includes a thorough business continuity plan.
Exchange defense strategies between stakeholders — a united front is stronger than trying to face threats alone.
Implement multi-factor authentication and zero trust on all end users so information is accessed by the parties that need to know.
Apply data encryption to systems to protect sensitive information against hackers.

AI in the Healthcare Industry

While bad actors have utilized the capabilities of AI, the healthcare industry can also use it to improve cybersecurity. AI does not need breaks, and therefore can run all day reducing the time needed to identify a security breach by analyzing large amounts of data in real time. On a similar note, AI can identify multiple devices and manage network endpoint detection for large networks. AI has been used to predict Domain Name System (DNS) attacks before occurrence, preventing and mitigating these attacks. It can implement Secure Access Service Edge (SASE), analyze identities and manage risk. With its strength of detecting patterns, AI can distinguish subtle patterns of attack that would otherwise go unnoticed by people.

Due to the nature of this new technology, the healthcare industry must carefully decide whether it wants to implement AI, and to what extent it will be used. In terms of cybersecurity, AI may be the answer to providing a secure standard for an interconnected healthcare industry.

Partnerships to Strengthen Cybersecurity in the Healthcare Industry

To provide the best security for patients and stakeholders in the healthcare sector, the federal government and technology industry have joined the battle against bad actors in healthcare. Several federal agencies including the Administration for Strategic Preparedness and Response (ASPR), will lend a hand in bolstering the cyber posture of the American health system. The ASPR is working alongside Cybersecurity and Infrastructure Security Agency (CISA) and private sector partners to analyze the cyber threat landscape of the healthcare sector. Over the next year, the agency hopes to create a cyber division, introduce a cyber risk identification tool, track cyber incident reports and gain resources and buy-in from senior leadership. Another agency, the Department of Health and Human Services (HHS) will strengthen cybersecurity by partnering with hospitals, health organizations and federal agencies, including CISA, that have additional information on cyber threats. Under the HHS, the Health Industry Cybersecurity Practices (HICP), a publication in response to the Cybersecurity Act of 2015, provides practical cybersecurity guidelines for the healthcare industry.

HICP covers several major threats that the industry faces, including:

Social engineering
Ransomware
Payment fraud
Loss or theft of equipment
Insider, accidental, or malicious data loss
Attacks against network connected medical devices

To counter said threats, the HICP has listed its top ten best cybersecurity practices. It advises to:

Protect email systems from phishing breaches
Implement endpoint protection systems to all hardware devices
Utilize identity and access management, regardless of the size of the health care organization
Check cyber posture to prevent data loss
Manage IT assets
Execute network management for wireless or wired connections before interoperating systems
Enact vulnerability management
Take advantage of incident response plans to discover network cyberattacks
Extend relevant cybersecurity practices to network connected medical devices
Establish and implement cybersecurity and governance policies^[1]

By enabling organizations to evaluate capability against cybersecurity attacks, HICP aims to protect patients and stakeholders from private data loss.

While cyber attacks are always growing in complexity, the healthcare industry can evolve and provide superior service for its patients through the use of tested security strategies, AI and federal aid.

Visit Carahsoft’s Healthcare Solutions Portfolio to learn more about improving cybersecurity practices in the healthcare sector.

Resources:

^[1] “HICP’s 10 Mitigating Practices,” Department of Health and Human Services, https://405d.hhs.gov/best-practices

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at the HIMSS Fall Forum in September 2023.*

Transforming State and Local Government in Ohio Through Technology

Posted on by Robert Moore

Innovation and collaboration are imperative to drive growth and transformation in State and Local Governments, as well as the need to invest in education and training to prepare the workforce for the jobs of the future. At the Carahsoft Digital Transformation Roadshow in Columbus, Ohio, Government IT and industry leaders engaged in dynamic discussions around the role of technology in shaping the modernization of the state of Ohio and beyond.

Technology Innovation in State and Local Government

Ohio State and Local agencies have begun to integrate innovative technologies to drive better decision-making while lowering the cost of ownership for IT systems; however, this requires significant investment in infrastructure, training and talent acquisition. Agencies must also ensure cybersecurity and risk management, as the use of new technology can create new vulnerabilities. There is a critical need for education, collaboration and innovation as State and Local agencies reimagine the future workforce which is an ever evolving complex and diverse ecosystem.

When faced with implementing technologies like artificial intelligence (AI), internet of things (IoT) and other transformational technologies, comprehensive planning is the best way forward for State and Local agencies. By doing the planning upfront, agencies can ensure that they have the right tools to manage vulnerabilities, mitigate risks and drive innovation.

Utilizing a single platform that connects automation of other tools into that platform helps agencies get real-time data reporting and addresses risk within the organization. By using multiple endpoint management and security tools in a single platform, agencies can streamline their operations, reduce costs and improve their overall security posture.

A local agency in Westerville, Ohio has started using data for applied analytics and customizing citizen experiences using a feedback model. This approach involves analyzing and interpreting data to improve services and provide a more streamlined citizen experience for services like trash collection, public safety and traffic management. By using data to drive decision-making and improve services, agencies can become more efficient, effective and responsive to the needs of citizens.

Building a Resilient Government

Modernizing systems, which is the top priority for building a resilient Government, will improve citizen services, generate cost savings, increase security and provide a more holistic, human-centered Government experience. Many State and Local agencies have outdated systems and need to modernize their infrastructure and business processes to make commerce more accessible and efficient. This involves evaluating areas for improvement, such as replacing fax machines with modernized digital tools and platforms and consolidating multiple systems into a few with all the key functionality they need.

The Ohio Department of Aging (DoA) implemented a tenant of rapid response in which automated systems provide emergency staffing within 24 hours for long-term care facilities and nursing homes during the COVID-19 pandemic and continue to this day. The DoA has also worked on predictive modeling utilizing the Governance, Risk and Compliance (GRC) organizational strategy to identify potential issues and respond proactively. Additionally, it has focused on meeting citizens’ needs through an omnichannel approach, using interoperable data analytics and predictive modeling to provide a more personalized and efficient experience.

Combating Cyber Threats in Government

Public Sector organizations face a range of cybersecurity risks, including data exploitation, insider threats, third party vulnerabilities, ransomware, identity theft and fraudulent access to State Government services. To mitigate these risks, agencies can take steps such as implementing strong access controls, regularly updating software and systems, conducting employee training on cybersecurity best practices and partnering with other organizations to share threat intelligence and collaborate on incident response.

Cybersecurity and Infrastructure Security Agency (CISA) offers several services to assist Government agencies with cybersecurity, including assessments and external dependency mapping. These services are provided at no cost to agencies, as they are already paid for by federal taxpayers. The services include:

Cybersecurity assessments: conduct cybersecurity assessments, which can help identify vulnerabilities and areas for improvement.
Ransomware readiness assessments: prepare for and respond to ransomware attacks, which are a growing threat to State and Local Governments.
External dependency mapping: identify and assess third-party vendors and other external dependencies, which can be a source of cybersecurity risk.
Threat intelligence sharing: provide agencies with information on emerging threats and best practices for defending against cyber-attacks.
Incident response planning: develop and test incident response plans, which can help ensure a coordinated and effective response in the event of a cyber-attack.

As cybersecurity threats become more sophisticated, it is increasingly critical for individual employees to be aware of the risks and take steps to protect their agency. Following best practices for password management, avoiding suspicious emails and links and reporting any potential security incidents to IT or security personnel is imperative. Agencies should provide regular training and offer resources such as phishing simulations to help employees become more vigilant.

Agencies must continue to leverage technology, utilize resources like CISA, stay up to date on the latest best practices and remain committed to meeting citizens’ needs. By embracing technology innovation, State and Local agencies can create a brighter future for all.

Explore more resources and learn more about Carahsoft’s State and Local Roadshow Series: Digital Transformation by visiting our Roadshow portfolio.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Carahsoft’s Digital Transformation Roadshow.*

Ransomware Security Strategies

Posted on by Alex Whitworth

One of the first challenges in combatting ransomware is recognizing the imminence of an attack and the impact it could have on an individual’s personal organization. For 60% of companies surveyed by ActualTech Media and Ransomeware.org, they reported spending zero to four hours on ransomware preparedness per month.^[¹^] Getting collective buy-in from administrators can be difficult since the cybersecurity measures put into place cannot show their full value without being hit by a ransomware attack; however, when compared to the number and scale of attacks occurring, greater attention to cybersecurity is imperative. The NIST Cybersecurity Framework (CSF) provides a guiding set of principles that inform strategies for mitigating ransomware risk. Addressing ransomware starts with identification of a security program followed by protection, prevention, detection, recovery and then security improvements. Ideally companies would follow this CSF outline but in reality, for most organizations the path looks different. Due to feasibility and order of highest critical priority, many companies first establish detection and recovery methods followed by protection, prevention, and security improvement.

RANSOMWARE DETECTION AND RECOVERY

When ransomware hits an organization, the biggest immediate concern is finding the problem and returning to business operations as usual. Many resources exist to assist with this endeavor including asset management tools that automatically inventory all devices on the network and monitor for potential ways malware can get in. Implementing edge detection allows companies to be alerted and quickly identify early on if the network has been compromised and which accounts and devices require isolation and additional measures to prevent the further spread to other servers, accounts and storage units. Anti-virus programs are also helpful to monitor endpoints for indicators of compromise or malware. By achieving early detection, companies can contain the malware and reduce data loss.^[²^] It also aids in preventing extended downtime which is very costly for operations and business reputation. Apart from the actual ransom, the downtime alone caused by cyberattacks in 2020 cost $20.9 billion to American businesses.^[¹^]

Once malware has been detected, a company’s recovery plan and preparation are put to the test. IT specialists and company administrators need to have an emergency plan in place so there are straightforward steps to recovery. Backups not only need to be created and stored off-site, but also updated on a regular basis and tested to ensure that they are a solid base for a system restoration. With most traditional backup systems, the data cannot be recovered fast enough to neutralize the ransomware’s impact on operations. Instead, a new strategy must be adopted that shifts from 200,000 files taking eight plus hours to restore via the traditional backups, to millions of files being recovered in minutes. Granular, immutable, verifiable snapshots are required to successfully recover all of an organization’s data.^[²^]

The Sophos “State of Ransomware” report indicated that 77% of healthcare organizations that did not experience a ransomware attack in 2021 attributed it to efforts such as backups and cyber insurance, which help with remediation but not prevention. This exposed an ongoing misunderstanding within the industry on cybersecurity methods.^[³^] Obtaining cyber-insurance does not prevent future attacks; however, instituting proper security strategies does decrease the susceptibility to ransomware. Recovery tools and insurance provide support during post-breach response but ultimately, in conjunction, organizations should strive to prevent the attack in the first place which requires implementing protection and prevention. According to the Government Accountability Office (GAO), cyber-insurance is a valuable resource to employ but noted that it is increasingly harder to acquire, due to the massive volume of cyberattacks, a higher bar of entry and more requirements to gain coverage and receive payouts. This leaves organizations who do not have sufficient security or insurance to face the recovery process and expensive remediation costs alone.^[⁴^]

RANSOMWARE PROTECTION AND PREVENTION

While most organizations invest in attack detection and recovery strategies, the protection aspect of the NIST CSF is equally important and an essential element to reduce the amount of recovery needed. Protection and prevention of ransomware attacks begins with establishing system routines and measures that make it more difficult for hackers to infiltrate. Through implementing Zero Trust user principles such as Multi-Factor Authentication (MFA), institutions and agencies can protect themselves by verifying the identity of employees. Poor password hygiene is one of the leading gateways to malware infiltration, making thorough employee training and password management software a baseline to reduce risk. The average user has access to over 20 million corporate files, making each employee a critical part of keeping the network safe and a huge liability if they are not vigilant and following best practices.^[²^] Segmentation of the network to provide user-specific access to data and system resources also creates safety barriers, so in the event of an attack the entire network is not automatically compromised. Around 80% of critical infrastructure companies without Zero Trust policies experience an $1.17 million increase in breach costs bringing to an average of $5.4 million per attack in 2022.^[⁵^]

Comprehensive Zero Trust authentication and data access control to limit complete access to the entire company’s files is a first step in this process. File indexing, which classifies the level of sensitivity of information contained, allows companies to better allocate resources to prioritize their protection of the most important or confidential files.^[²^] When processes are automated through these and other resources, it eases IT teams’ responsibilities and reduces the chance of error. Incorporating artificial intelligence (AI) and machine learning (ML) also expedites the identification of confidential information with metadata tags, along with advanced detection of suspicious network and user activity, and thereby minimizes inefficiencies.^[⁶^]

Organizations must rigorously search for security gaps and proactively work to close them. Some other measures to incorporate include:

Filtering for phishing emails and providing awareness training to minimize the possibility of a user accidentally clicking a malicious link
Utilizing firewalls to block unusual network traffic and segment the network to impede malware system communications
Monitoring software licenses to ensure they are updated and systems are adequately patched
Removing expired and extraneous user credentials and unused legacy technology
Tracking vulnerabilities on devices like IoTs, OTs, and employees’ personal devices used for work (BYODs) throughout the entire connection lifecycle
Implementing Zero Trust cloud security with container scanning and proxies like a Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA)

RANSOMWARE SECURITY IMPROVEMENT

Following an attack, companies have the opportunity to grow and improve from the situation as well as share resources with other public and private sector companies to strengthen defenses. Incident reporting is a key strategy to prevent future ransomware incidents and a top priority for the Cybersecurity and Infrastructure Security Agency (CISA). Agencies and organizations must support each other to defend against these cyber threats that affect every industry.^[⁷^]

To support this greater focus on information sharing, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 took effect in March requiring a more stringent timeline and adherence to disclosing cybersecurity attacks and ransomware payments to the government. CISA also now has the authority to subpoena critical infrastructure organizations if they do not report any cybersecurity incidents within 72 hours of a cyberattack and 24 hours of a ransom payment.^[⁸^]

This threat information sharing requirement along with other recent rules on reporting attack incidents strengthen organizations’ security posture and reduce the success rates of cyberattacks. Through these joint efforts and public-private partnerships, companies can recover faster, resume normal operations and support other businesses in the defense of their industry and the nation.^[⁹^]

To assist with incorporating these cybersecurity best practices, Congress passed the Infrastructure Investment and Jobs Act Public Law 117–58 which offers $2 billion to “modernize and secure federal, state, and local IT and networks; protect critical infrastructure and utilities; and support public or private entities as they respond to and recover from significant cyberattacks and breaches.”^[¹⁰^]

RANSOMWARE RISK MITIGATION

Tech modernization, while crucial to agencies and organizations’ survival and growth, also presents unique challenges in protecting those technologies.^[11] In their journey to securing their legacy and updated systems, companies must take the time to honestly evaluate their cybersecurity standing across the ransomware cycle and ensure their readiness to handle an attack. Utilizing NIST CSF security strategies and other resources help organizations to mitigate risk and empower other companies to learn and protect their systems. By implementing best practices and technologies to address cyber hacks and data breaches, companies are valuing both their customers and their own bottom line. Proactive cybersecurity measures are key for all companies to stem the tide of ransomware attacks and protect the continued growth of their organizations.

Learn about the current state of ransomware and its impact across sectors in our Ransomware Series. Visit our website to learn how Carahsoft and its partners are providing solutions to assist in the fight against ransomware.

Resources:

[1] “Everything You Need to Know About Ransomware,” Ransomware.org, https://ransomware.org/

[2] “Protect, Detect & Recover: The Three Prongs of a Ransomware Defense Strategy for Your Enterprise Files,” Nasuni, https://media.erepublic.com/document/Whitepaper-_A_Three_Prong_Ransomware_Strategy_-_Nasuni.pdf

[3] “The State of Ransomware in Healthcare 2022,” Sophos, https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/

[4] “Healthcare data breach costs reach record high at $10M per attack: IBM report,” Fierce Healthcare, https://www.fiercehealthcare.com/health-tech/healthcare-data-breach-costs-reach-record-high-10m-attack-ibm-report

[5] “Cyber Attacks Against Critical Infrastructure Quietly Increase,” Government Technology, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cyber-attacks-against-critical-infrastructure-quietly-increase

[6] “Four Best Practices for Protecting Data Wherever it Exists,” Dell Technologies and Carahsoft, https://www.carahsoft.com/2nd-page/dell-4-best-practices-federal-data-security-protection-report-2022#page=4

[7] “Ransomware Hackers Will Still Target Smaller Critical Infrastructure, CISA Director Warns,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/ransomware-hackers-will-still-target-smaller-critical-infrastructure-cisa-director-warns/374953/

[8] “DHS Convenes Regulators, Law Enforcement Agencies on Cyber Incident Reporting,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/dhs-convenes-regulators-law-enforcement-agencies-cyber-incident-reporting/374968/

[9] “Ransomware Attacks on Hospitals Have Changed,” AHA Center for Health Innovation, https://www.aha.org/center/cybersecurity-and-risk-advisory-services/ransomware-attacks-hospitals-have-changed

[10] “FACT SHEET: Top 10 Programs in the Bipartisan Infrastructure Investment and Jobs Act That You May Not Have Heard About.” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2021/08/03/fact-sheet-top-10-programs-in-the-bipartisan-infrastructure-investment-and-jobs-act-that-you-may-not-have-heard-about/

[11] “Global Data Protection Index 2021,” Dell Technologies, https://www.dell.com/en-us/dt/data-protection/gdpi/index.htm#pdf-overlay=//www.delltechnologies.com/asset/en-us/products/data-protection/industry-market/global-data-protection-index-key-findings.pdf

Infographic Resources:

“Ransomware and Energy and Utilities,” AT&T Cybersecurity, https://cybersecurity.att.com/blogs/security-essentials/ransomware-and-energy-and-utilities

Ransomware in Healthcare and Utilities

Posted on by Alex Whitworth

The past two years have seen relentless cyberattacks employed by hostile nations to disrupt American security, public health and the economy. The current U.S. administration has announced its emphasis on fighting ransomware particularly within these critical infrastructures. New regulations are underway for 4 of the 16 sectors including healthcare and water, which is a part of the utilities sector.^[¹^]In anticipation of the coming changes, here is a look into the current state of ransomware in healthcare and utilities, both of which have experienced some of the worst cyberattacks in recent years. By understanding the challenges in these fields, IT administrators can work to evaluate their individual organizational cybersecurity status and start to resolve issues before the enforcement of the new regulations begin.

USE CASE: HEALTHCARE

Unlike ransomware attacks on other sectors, cyberattacks within healthcare are threat-to-life crimes instead of economic crimes because they impede hospital operations and critical patient care. Ransomware attacks by foreign cybercriminals on hospitals are analogous to military strikes against healthcare facilities, which violate international warfare laws. Because of this, it is not only an IT system concern but a healthcare-wide risk that must be addressed with grave importance.

Recent Attacks

In 2020, Universal Health Services network was hacked by the Ryuk variant of ransomware resulting in all its IT systems shutting down and operations stopping at 250 hospitals. According to a Department of Health and Human Services (HHS) report, the incident ultimately cost $67 million in lost revenue and recovery although $26 million was covered by cyber insurance.^[²^]

The devastating ransomware attack against Scripps Health in May 2021 cost the company $112.7 million with over a month of cleanup and extensive revenue loss. ^[²^] In light of this rise in attacks, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) and HHS all issued admonitions that hospitals and health systems be on alert and strengthen their ransomware protection and emergency plans.^[³^]

Impact

On average, the HHS reported that each healthcare cyberattack cost $10.10 million including the ransom, business loss and remediation costs, ranking it as the most expensive sector for cyberattacks across all industries.^[⁴^]This is 41.6% higher than in 2020.^[²^] Often, criminals target the healthcare sector because of the quantity and sensitivity of data available. Hospitals are also particularly susceptible due to the complexity of the IT infrastructure, 24/7 operations and the strong repercussions to the reputation of the organization, making them more likely to pay the ransom if an attack happens. Many healthcare organizations also employ a lot of legacy equipment and software as well as perform extensive amounts of file-sharing with many vulnerable endpoints. These areas are a security concern but some of these older systems are also imperative for regular operations and certain medical software to run.^[⁴^]

In addition to the immediate disturbance of operations, all of these hacks expose millions of patient records. For the general population, these healthcare breaches have tripled in their impact between 2018 and 2021, with 14 million people affected to now over 45 million. According to the HHS, healthcare institutions faced 373 ransomware attacks from January to July 2022.^[²^] Cyber disruptions’ impact through delayed care in areas with poorer healthcare is magnified even more. Northwell Health’s Senior Vice President and Chief Quality Officer Mark Jarrett says: “Clinicians in general tend to think of this as an information technology issue, and it really isn’t. It’s a patient safety issue.”^[⁵^]

Post-Attack Measures

Because of the unfortunate success of ransomware within healthcare, many institutions are seeking cyber insurance to offset the cost. The high number of incidents, however, has made it more difficult to obtain coverage until substantial cyber security defenses are in place.^[⁶^]While 79% of healthcare organizations possess cyber insurance, nearly all of them have had to improve their cybersecurity strategies to maintain coverage including incorporating new technologies, more employee training and other system process changes.^[⁶^]

The Censinet and the Ponemon Institute report, “The Impact of Ransomware on Healthcare During COVID-19 and Beyond,” noted that most healthcare institutions budget 3-4% of IT spending towards cybersecurity while financial firms spend an average of 6-14% to combat cybercrimes.^[⁷^] When healthcare systems invest in more cyber defenses, the overall impact of ransomware is dramatically lessened. For institutions with fully deployed cyber security measures, an IMB Security’s annual breach report discovered a 65.2% reduction in average breach cost and 74-day shorter detection and containment cycle versus companies without. This decreased the cost from $6.20 million to $3.15 million for those with security and a breach lifecycle of 323 days down to 249.^[²^]These results speak to the importance of implementing comprehensive cybersecurity protection and remediation tools in the healthcare sector.

USE CASE: UTILITIES

Similar to healthcare, ransomware attacks to the utilities sector are not just costly and inconvenient, they also impede critical infrastructure and have a wide impact radius to public health, safety and the companies’ bottom line. Utilities also underscore every aspect of daily life through electricity, oil, water and natural gas.

Recent Attacks

In May 2021, the Colonial Pipeline attack brought ransomware in utilities to the forefront of the public eye. The incident affected 45% of the fuel supply used on the U.S. East Coast, which generated a steep price increase and public panic.^[⁸^] Within two hours of access, the cyber criminals immobilized 100GB of critical data. As a result, the 5,500-mile pipeline system was closed for six days until the company paid $4.4 million in cryptocurrency as ransom. Reuters lists this cyber event as the most disruptive ransomware attack on record.^[⁹^]

Following the Colonial Pipeline hack, Congress issued a strong cybersecurity measure requiring critical infrastructure organizations to report an attack in three days and any payment of the ransom within one day. The goal is to increase information sharing and better equip the government to assist in these situations.^[¹⁰^]

Another large cyberattack in 2021 occurred in Florida when cybercriminals infiltrated the water treatment facility’s network through dormant software and spiked the sodium hydroxide level to 100 times its usual amount. Although the attack was detected and neutralized, the event unveiled a huge vulnerability in U.S. water systems due to minimal IT budgets, staffing shortages causing maintenance delays, outdated cybersecurity systems and other factors, making it easier for cybercriminals to breach the system unnoticed. Shortly after the news of the Florida water hack, three additional water treatment plant attacks across the country that had not been reported came to the surface.^[¹¹^]Research indicates that this situation represents a consistent trend. Although large attacks on well-known businesses are often featured more in the news, small businesses experience more ransomware attacks but they commonly go unreported.^[¹²^] The limited resources available often make smaller local government and enterprises a preferred target for ransomware because it is more difficult for them to recover from an attack, thus making them more likely to pay the ransom quickly.^[¹³^]

Impact

These major attacks in 2021 followed an already heightened evaluation of utilities’ security due to Executive Order 13636, which initiated the National Institute of Standards and Technology (NIST) Cyber Security Framework of 2014,^[^14a^] and the America’s Water Infrastructure Act of 2018,^[^14b^] which required water systems threat risk and resilience assessments to be completed between March 2020 and June 2021.

Post-Attack Measures

Utilities companies often rely on a data backup strategy that replicates the system to a second data center if the primary server fails. This setup works well for natural disasters, but companies must be aware that the infection can also be duplicated on non-segmented backup copies which hackers prioritize attacking as well.

Within the electric power sector, operational technology (OT) is widely spread across data centers’ locations and connected through dedicated cables which allows additional control over networking. This however, increases the attack surface and restricts the network’s ability to adapt and reroute traffic to another safe location in the event of a cyberattack, because the system is hardwired to be isolated.^[¹⁵^] Companies must be careful not to assume the direct lines would be inherently secure and should continue to conduct system monitoring especially as these networks start connecting to other systems. In addition to geographical and system complexities, many utility organizations also have decentralized cybersecurity leadership, which can contribute to post-attack confusion and a lack of clarity on the recovery plan.^[¹⁶^]

While demonstrating the return on investment (ROI) of cybersecurity strategies can be a challenge until an attack has occurred, experts highlight the value of these measures by pointing out the impact that a compromised system can have on a company and the general public.^[⁹^] With cybersecurity, success is ultimately demonstrated by the absence of cyber incidents. In the past, this led to a reluctance to invest in necessary cyber measures; however, this awareness is shifting as more companies are joining the initiative to secure their systems and networks.

In July 2022, national security advisors announced additional cybersecurity requirements will be instituted soon by the Environmental Protection Agency (EPA) to defend national water systems from hackers.^[¹⁷^] To prepare for these new guidelines, companies within the utilities sector must evaluate their systems and work to improve their defenses and recovery plans now in the face of ransomware attacks.

LOOKING AHEAD

Critical infrastructure across the country has been overwhelmed by the influx of ransomware and data breaches. Looking at the data projections for the coming years reveals that these intrusions will continue to grow at an alarming rate. While legislation develops to address the current cybersecurity gaps, sectors like healthcare and utilities must actively take initiative to address system weaknesses and make it more difficult for cybercriminals to infiltrate. Investing in the necessary changes and updates is crucial for U.S. critical infrastructure organizations before their individual institutions become the next target. Now more than ever is the time to modernize infrastructure, get ahead of cyber requirements and build resilience against the threat landscape.

Learn about steps to address these cybersecurity concerns whether in healthcare and utilities or across all sectors in our Ransomware Security Strategies Blog. Find our full Ransomware Series here.

Resources

[1] “FACT SHEET: Biden-⁠Harris Administration Delivers on Strengthening America’s Cybersecurity,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/11/fact-sheet-biden-harris-administration-delivers-on-strengthening-americas-cybersecurity/

[2] “Healthcare data breach costs reach record high at $10M per attack: IBM report,” Fierce Healthcare, https://www.fiercehealthcare.com/health-tech/healthcare-data-breach-costs-reach-record-high-10m-attack-ibm-report

[3] “Ransomware attacks on hospitals could soon surge, FBI warns,” CNET, https://www.cnet.com/news/privacy/fbi-warns-imminent-wave-of-ransomware-attacks-hitting-hospitals/

[4] “Ransomware 101 For Healthcare,” Forbes, https://www.forbes.com/sites/forbestechcouncil/2022/08/16/ransomware-101-for-healthcare/?sh=3bb3ca785b86

[5] “The pandemic revealed the health risks of hospital ransomware attacks,” The Verge, https://www.theverge.com/2021/8/19/22632378/pandemic-ransomware-health-risks

[7] “Ransomware in healthcare: it’s a matter of life and death,” NTT, https://services.global.ntt/en-us/insights/blog/ransomware-in-healthcare

[8] “Everything You Need to Know About Ransomware,” Ransomware.org, https://ransomware.org/

[9] “Ransomware Attacks in the Energy Industry,” CDW, https://www.cdw.com/content/cdw/en/articles/security/ransomware-attacks-energy-industry.html

[11] “The Critical Need to Protect Critical Infrastructure: Spotlight on Utilities,” Spy Cloud, https://spycloud.com/protect-critical-infrastructure-utilities-ransomware-ato/

[12] “How Utilities Can Reduce the Risk of Ransomware Attacks,” Energy Central, https://energycentral.com/c/pip/how-utilities-can-reduce-risk-ransomware-attacks

[13] “Ransomware Hits U.S. Electric Utility,” Trend Micro, https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-hits-u-s-electric-utility

[14a] “NIST Releases Cybersecurity Framework Version 1.0,” NIST, https://www.nist.gov/news-events/news/2014/02/nist-releases-cybersecurity-framework-version-10#:~:text=In%20February%202013%2C%20President%20Obama,help%20organizations%20manage%20cyber%20risks

[14b] “What Does the New American’s Water Infrastructure Act (AWAI) of 2018 Mean to You?” Crawford, Murphy & Tilly, Inc., https://www.cmtengr.com/2019/08/20/americans-water-infrastructure-act/

[15] “How energy and utility companies can recover from ransomware and other disasters using infrastructure as code on AWS,” AWS, https://aws.amazon.com/blogs/industries/how-energy-and-utility-companies-can-recover-from-ransomware-and-other-disasters-using-iac-on-aws/

[16] “Ransomware and Energy and Utilities,” AT&T Business https://cybersecurity.att.com/blogs/security-essentials/ransomware-and-energy-and-utilities

[17] “White House Official: EPA to Issue Cybersecurity Rule for Water Facilities,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/epa-issue-cybersecurity-rule-water-facilities-white-house-official/375098/

Infographic Resources:

[6] “The State of Ransomware in Healthcare 2022,” Sophos, https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/

[10] “Looking Back at the Colonial Pipeline Ransomware Incident,” Government Technology, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/looking-back-at-the-colonial-pipeline-ransomware-incident

“The 2021 Ransomware Risk Pulse: Energy Sector,” Black Kite, https://blackkite.com/wp-content/uploads/2021/09/The-2021-Ransomware-Risk-Pulse-_-Energy-Sector.pdf

Ransomware on the Rise

Posted on by Alex Whitworth

News story after news story, cyberattack after cyberattack has demonstrated the rampant presence of ransomware in today’s society taking down all shapes and sizes of companies in both the public and private sectors. By 2026, Gartner predicts that unstructured data storage, which is very susceptible to ransomware, will triple in size, and with that, an inevitable increase in the attack surface. Currently 80% of enterprises’ data is made even more vulnerable by the number of daily users, its distributed nature across devices and servers and overall lack of secure protection.^[¹^]

Experts have arrived at this bottom-line conclusion—everyone is vulnerable to a ransomware attack and cybersecurity measures have become an absolute necessity, not an option.

RANSOMWARE DEFINITION

Ransomware is a form of extortion through malware exploiting cyber vulnerabilities to infiltrate systems and capture vital operating or private data. The cybercriminals require payment, often in the form of cryptocurrency, for the release, restoration or decryption of the files or the assurance of not blackmailing individuals with the information accessed. Only 2% of organizations within healthcare get their full data back even after paying the ransom, with the majority of organizations receiving about 65% of their information back.^[²^] Currently, the situation has escalated to the point where bad actors are demanding multiple ransoms, one to restore the data and others to not publish the information on the black market.

The primary four ways ransomware infects a system are through:

Phishing emails and malicious links
Insecure network ports, devices and services
Backdoors left by other malware
Network vulnerabilities such as poor password hygiene with little user authentication, too many legacy systems, missing software patches and updates etc.^[³^]

The rise of ransomware as a service (RaaS) has increased the ease of carrying out a cyberattack with practically no technical knowledge necessary for a criminal to execute the attack.^[⁴^] One group creates the malware program code and then sells it for other groups to initiate the attack on specific victims.^[⁵^] X-Force head Charles Henderson said these crime affiliations have created a condition in which “criminals are more collaborative than the cybersecurity industry.”^[⁶^]

All the shifts and advancements in ransomware require a frank review of the past few years and the statistics to understand the situation, properly form the best course of action and minimize the repercussions on American citizens through critical infrastructure.

RANSOMWARE LANDSCAPE

Ransomware has existed since 1989; however, the past two years have seen a dramatic spike in quantity and impact of cyberattacks. All areas of government, business and healthcare are susceptible regardless of their size and relative importance.^[7] In recent years, the landscape has changed from individual domestic hackers exploiting opportunities to organized groups of professional criminals based in and often funded by adversarial nations to strategically disrupt critical functions and achieve financial and political goals.^[⁶^]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified 16 major critical sectors whose capabilities directly impact the national public health, safety, security and economy of America, most of which (14 out of 16) have fallen under heavy ransomware attack in the past two years.^[8] By targeting these essential infrastructures across financial, industrial, transportation and healthcare institutions, bad actors can disrupt nation-wide and global supply chains. CISA executives stress the importance of universal action to improve cybersecurity and combat the widespread ransomware threat. Because of the interconnectivity of U.S. infrastructure, they warn that if one organization is compromised, cybercriminals could gain access and infiltrate other larger vital service providers and ultimately spread out of control.^[9]

Government agencies and critical businesses are not the only groups seeking to improve through tech modernization. The ransomware landscape has changed drastically due to advances in cybercriminal activity as well.

The timeline of these attacks has also accelerated. In 2019, the average time between the initial system infiltration to malware deployment was over two months but in 2021 it dropped 94% to an average of less than four days.^[¹²^] Every 10 seconds, a new victim is attacked by ransomware. Not only are attacks and ransom demands increasing and their deployments faster, the majority (60%) of companies do not feel prepared if their company were to be faced with a similar threat in the next 12 months.^[¹³^] This problem is expected to continue to grow over the next decade, with ransomware cost predictions of more than $265 billion in total damage by 2031.^[¹⁴^] Agencies and organizations must evaluate their cybersecurity standing and make improvements to ensure that they can withstand these escalating attacks.

RANSOMWARE — ACTION REQUIRED

Contrary to public opinion, most cybercriminals do not primarily target organizations based on the perceived importance of their data, but rather the ease of access to infiltrate the system and the probability that the company will pay the ransom. Critical infrastructure in particular has an obligation to strengthen and reinforce their cybersecurity to prevent disruption and protect these vital functions for the American people. With the increasing trends, officials point to the new harsh reality that ransomware is not a question of if a company will be attacked through malware, but when. Based on the current landscape, organizations must act or risk being swept away by the growing tide of ransomware.

Carahsoft and its partners offer cybersecurity solutions to defend against ransomware and mitigate the risks. Reach out to discover how Carahsoft can make an impact for your organization. Dive deeper into how ransomware is affecting U.S. critical infrastructures such as healthcare and utilities in our Ransomware in Healthcare and Utilities Blog. Find our full Ransomware Series here.

Resources:

[1] “Protect, Detect & Recover: The Three Prongs of a Ransomware Defense Strategy for Your Enterprise Files,” Nasuni, https://media.erepublic.com/document/Whitepaper-_A_Three_Prong_Ransomware_Strategy_-_Nasuni.pdf

[2] “The State of Ransomware in Healthcare 2022,” Sophos, https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/

[3] “Security Primer – Ransomware,” Center for Internet Security, https://www.cisecurity.org/insights/white-papers/security-primer-ransomware

[4] “Ransomware: In the Healthcare Sector,” Center for Internet Security, https://www.cisecurity.org/insights/blog/ransomware-in-the-healthcare-sector

[5] “Health Care Ransomware Strains Have Hospitals in the Crosshairs,” Security Intelligence, https://securityintelligence.com/articles/health-care-ransomware-strains-hospitals-in-crosshairs/

[6] “Ransomware Attacks on Hospitals Have Changed,” AHA Center for Health Innovation, https://www.aha.org/center/cybersecurity-and-risk-advisory-services/ransomware-attacks-hospitals-have-changed

[8] “Critical Infrastructure Sectors,” Cybersecurity & Infrastructure Security Agency, https://www.cisa.gov/critical-infrastructure-sectors

[9] “Ransomware Hackers Will Still Target Smaller Critical Infrastructure, CISA Director Warns,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/ransomware-hackers-will-still-target-smaller-critical-infrastructure-cisa-director-warns/374953/

[12] “Ransomware in 2022: Evolving threats, slow progress,” TechTarget, https://www.techtarget.com/searchsecurity/news/252522369/Ransomware-Evolving-threats-slow-progress

[13] “Global Data Protection Index 2021,” Dell Technologies, https://www.dell.com/en-us/dt/data-protection/gdpi/index.htm#pdf-overlay=//www.delltechnologies.com/asset/en-us/products/data-protection/industry-market/global-data-protection-index-key-findings.pdf

[14] “Ransomware in the Utilities Sector,” ThirdPartyTrust and BitSight, https://info.thirdpartytrust.com/hubfs/03%20Guides%20and%20Ebooks/ransomware-utilities-bitsight-thirdpartytrust.pdf

Infographic Resources:

[7] “Ransomware Threat March 2022: Special Report” Nextgov, https://www.nextgov.com/assets/ransomware-threat-ngq122/portal/

[11] “Much to Do About Ransomware: Report Highlights a Path Forward,” Government Technology, https://www.govtech.com/security/much-to-do-about-ransomware-report-highlights-a-path-forward

Headlines in Cybersecurity—Ransomware, Supply Chain Hack and Zero Trust

Posted on by Evan Slack

The impact and rate of cyberattacks on government and critical infrastructure IT systems have accelerated over the past several years. Malware inserted into software platforms and widely distributed to customers; ransomware attacks that take down hospitals and local governments; hacks endangering water systems are just a few examples showing that our vital systems are under attack.

At Geek Week—a FedInsider Carahsoft Tech Leadership SLED three-day webinar series—thought-leaders from the government and contracting community focused on ransomware, supply chain hacks and zero trust within the cyber threat environment and ways to respond and protect their most valuable assets, data and IT systems, more effectively.

Ransomware

The three-day webinar series began with examining state and local governments’ fight against ransomware attacks. According to the Verizon Data Breach Incident Report 2022, 80% of attacks on public sector systems were financially motivated, and 78% of the breaches came from outside the network. With the increasing frequency of these attacks, many states are passing legislation banning state agencies from paying ransomware; therefore, many state and local leaders must strengthen and broaden their defenses and mitigation strategies. One of the most concerning trends in ransomware is attackers destroying data in frustration, whether that is due to lack of payment or trouble getting through the defenses. Large organizations are still struggling with siloed data systems. This, paired with the more frequent ransomware attacks, has caused a more complex and slow-moving process towards protecting against cybersecurity risks.

Ransomware can be examined in two different phases: pre-alert and post-alert. In the past, ransomware has always been reactive rather than proactive. States focus on recovery and resilience as they update their disaster recovery plans, looking to buy ransomware insurance and updating their cloud for faster and better recoveries. Organizations have started implementing user training and running phishing exercises to increase awareness about the risk of suspicious links and attachments. There has also been a surge in multifactor authentication alertness. State and local government agencies need to establish response and contingency plans that are well documented, and test run those plans so that teams are apt when an attack happens.

There is an increasing reliance on technology for the operations and critical services that state and local government agencies provide. While there are many advantages to those services, there is also an increase in their potential attack surface. As more government agencies are adopting new technologies, they tend to outsource these services to various vendors in the cloud instead of operating the servers on their own premises. While this outsourcing shift cybersecurity risks, many agencies do not have solid protections in place. Industry vendors have exerted more effort into ransomware including online resources sharing best practices, vulnerability scanning, web application scanning and phishing campaign assessments at no cost.

Supply Chain Hack

Another cybersecurity concern state and local governments must address is supply chain hacks. All states have security measures in place to protect their own data and systems. But cybersecurity threats and attacks against governments have increased. Cybersecurity professionals throughout all levels of government and the private sector are painfully aware of the risks to their own networks posed by third parties with authorized access—but have insufficient security measures of their own. By hacking into supply chains, attackers gain access to company data, as well as the ability to breach other customers networks, disrupting workflow and attacking their network.

It is imperative that the whole of government approach cybersecurity with the understanding that every public and private agency has a shared responsibility to ensure security through centralized cyber operations. Securing the supply chain requires that agencies understand what has access to their enterprise networks, including any remotely connected devices, mobile devices and the devices of any business partners, vendors and other counties that may connect.

The first critical step in modernization is how agencies are doing discovery, that includes active, passive and automated discovery. Agencies need to collect all asset inventory into a repository, and then enrich that asset inventory with the Software Bill of Materials (SBOM) to understand what software is and should be running on the network. Lastly, agencies need to ensure that software updates are tested to understand behaviors of those new updates and validate them before they are scheduled to update all the devices on the network. Automation and machine learning play a significant role in making that process more efficient by identifying baseline software behavioral characteristics and detecting anomalies.

Zero Trust

One of the most recent and trending topics in cybersecurity is how state and local governments are moving towards zero trust for their IP and networking environments. The federal government is well ahead of state and local governments in the implementation of a zero trust architecture because of the White House Executive Order on Cybersecurity last year; however, state and local agencies predict a similar shift. 67% of state CIOs who responded to the 2021 Annual State CIO Survey anticipate that introducing or expanding a zero-trust framework will be a higher priority in the next two to three years. AI system administrators work to protect and lock down servers and workstations within their domain, while still allowing access to legitimate users; however, with the increase in remote workers, todays security stance is trust nothing and verify continuously.

Zero trust is not new. Now the focus is to build on what already exists and establish a secure network environment across all devices, applications and components regardless of source or location. Agencies must look at their environment to identify their most sensitive data and protect that aspect of their critical infrastructure. Auditing the organization and performing risk analysis is the first step to achieve zero trust maturity. Looking at the Pillars of Zero Trust, agencies must secure endpoints, secure applications, secure the data, secure the network and secure the infrastructure, whether it is on-premise or cloud based.

While these steps increase the complexity of rolling out zero trust, agencies can begin to manage and understand their environment, understand what their data is, how sensitive it is and create a blueprint to navigate around cloud-based services to move toward more efficient and secure deployment.

All these areas are imperative concerns to government agencies and require active engagement to secure the nation’s networks, data and infrastructure. State and local agencies must continue to mature their cybersecurity environment and educate their teams as they keep up with emerging headlines in cybersecurity.

Visit Carahsoft’s cybersecurity solutions portfolio to learn how our dedicated team specializes in providing Federal, State and Local Government agencies and Education and Healthcare organizations with security solutions to safeguard their cyber ecosystem.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Cyber Geek Week 2022.*

IACP Conference 2022 Recap: Exploring Cybersecurity and Data Analysis

Posted on by Madeline Williams-Potter

Both law enforcement professionals and technology providers gathered at the International Association of Chiefs of Police (IACP) Conference 2022 to discuss current challenges in the field and latest technology resources to meet the needs of the police force. Based on a commitment to advance safer communities through thought leadership, experts focused on utilizing technology modernization to address the growing issues of cybersecurity and maximizing resources through effective data analysis.

CYBERSECURITY

Smartphone Use for Police Operations: Law enforcement agencies have found many benefits from providing officers in the field with smartphones including increased officer safety through GPS tracking, easy access to a camera, body-worn incident tagging, similar functionality to in-vehicle mobile data terminals (MDTs) and support to in-vehicle, in-field and in-station operations. The challenge, however, is achieving compliance and instituting cybersecurity strategies to ensure the safety of the data, device and officer. The Criminal Justice Information Services (CJIS) Security policy applies to all parties dealing with criminal justice information (CJI) and incorporates guidelines on wireless networking, data encryption and remote access. Mobile device management (MDM), a way to manage agency smartphones, is a requirement for any agency wanting to access, transmit or store criminal justice data using mobile devices. Agencies must institute elements such as:

Multi-factor authentication
Regular updates and maintenance
Remote device locking and setting lock capabilities
Remote wiping of device
Folder or disk level encryption
Detection of unauthorized configurations, software or applications
Location tracking of agency-controlled devices
Prevention of unpatched devices from accessing CJI or CJI systems

Ransomware: The recent increase of ransomware and impact of successful attacks is driving urgency within law enforcement agencies to institute stronger cybersecurity strategies. Disruptions to police systems cause 911 calls to be rerouted, CAD systems to be disrupted, email and phone systems to be disabled as well as other repercussions. Cybercriminals also threaten to leak confidential informant, victim and officer details if the police do not pay the ransom. Investigations conducted to identify possible ransomware attack patterns revealed that there was no geographic methodology behind the hacks but that the common link was, any vulnerability found in an agency’s system was exploited.

Ransomware remains the largest type of attacks against public safety agencies. Police departments make up about 22% of attacks on public safety and from 2020-2021, approximately $800 million was spent towards restoring operations due to ransomware attacks. The increase in ransomware can be attributed to the decrease of technological skills required to launch an attack, particularly in the form of ransomware-as-a-software (RaaS).

To protect an agency’s critical data, law enforcement institutions should adopt National Institute of Standards and Technology (NIST) Cybersecurity Framework principles such as:

Know your network: Examine all hardware, software, data flows and applications
Know your adversary: Who is attacking and how might they do it?
Patch, Patch, Patch: While sometimes difficult to execute operationally, it is essential
Know what normal looks like: It is the only way to detect abnormal
Educate your users: Cybersecurity is everyone’s responsibility
Know how to respond to a cyber-attack: Train hard, fight easy

Cybersecurity and Digital Integrity: In this current digital age, many agencies experience cyber fatigue, struggling to manage all the technology, digest the data and maintain sufficient security. The extensive number of devices such as internet of things (IoT) devices, vendor devices or other forms of technology running through the agency’s network create vulnerabilities and often result in cyber breaches. Being able to ingest all the data safely and effectively is critical to the justice system’s mission. All technology, even the most cutting-edge, still requires the implementation of cybersecurity. As a frame of reference, experts reminded that IT systems necessitate just as much security as physical evidence management and keeping the chain of custody intact.

Cyber incidents and data loss within law enforcement agencies endangers not only the public’s safety but also their trust in police officials. Inter-agency sharing of breaches is a key element to mitigate risk and promote transparency. Agencies can also facilitate trust within the community by proactively communicating their use of technology and the protection strategies in place to safeguard public data. Ultimately, technology should be implemented in conjunction with the correct cybersecurity measures to avoid opening additional vulnerabilities and successfully enhance safety and community trust.

DATA ANALYSIS

Modernizing Investigations in the Digital Age: Experts attest to the power of properly employed technology within the law enforcement field. By innovating with current technology and adopting other digital resources, agencies can transform the public safety landscape and offer significant value-adds to those who protect the community daily. To modernize the investigation workflow and process the substantial amounts of digital evidence, law enforcement administrations must focus on training personnel properly, instilling an understanding of the importance of securing digital evidence, keeping the chain of custody on digital evidence intact and demonstrating for other agencies the technology benefits to promote interagency collaboration and support.

Currently, 95% of crimes have a digital component involved through phone records, social media, security cameras etc. making the data analysis a crucial part of cases. This quantity of digital evidence extending across multiple aspects of investigations, the technical sophistication of criminals, public scrutiny and lack of resources can make it a challenge to store and manage. However, harnessing technology platforms that can analyze, track, store and share the data easily shifts the situation from being an underutilized burden to an integral wealth of information and efficiency booster.

Body Worn Cameras and Public Trust: Many law enforcement agencies have implemented widespread usage of body worn cameras (BWC) to increase transparency and build trust within their communities. According to a 2018 report by the Bureau of Justice Statistics (BJS), 80% of law enforcement agencies have acquired body-worn cameras however 99% of that footage was never analyzed. Without the tools to catalog, analyze and apply the data, ROI on BWCs is severely impeded and the technology is rendered obsolete.

To remedy this situation, public safety offices are looking to create a fully indexed and automated database of events linked to multiple applications: supervision, performance evaluation, training, officer safety and wellness, community trust and transparency, risk management, etc.

This analysis and processing of BWC footage is possible through Multi-Modal Analysis (MMA) which integrates natural language processing (NLP) and computer vision (CV). Artificial intelligence (AI) and machine learning (ML) empower this technology to analyze the content of the camera footage and train the computer systems to optimize the material for easy evaluation of officer and citizen behavior. Public officials can then take these insights and formulate strategies of how officers can better influence interactions. Agencies plan to begin the adoption process of this solution starting in 2023. This will provide a new capacity to measure and evaluate officers in action and strengthen community trust through measurable outcomes and enhanced accountability.

Multimedia Evidence and Data Analytics Programs: Law enforcement agencies are often faced with the challenge of overwhelming amounts of data collected during cases. Officers gather three types of data:

Operational data—traffic stops, field interviews, calls for service, criminal incident, tips and informants
Non-operational data—human resources, training records, disciplinary files etc.
Digital evidence—video footage, news media, pictures, social media etc.

Unless it is handled properly, all of this information needing to be analyzed and managed can shutdown police IT systems and slow down the investigation. To solve this difficulty, public safety administrators created the Digital Content Analysis Platform (DCAP), which consists of several vetted tools to process the material. In addition to these resources, the key aspects needed for a successful data analysis program are:

Organizational planning & strategy
Proper implementation
Maintenance of architecture
Standardized processes
Proper and continuous training
Technical support and assistance
Communication and clear goal setting
Development of technical skills or robust outsourced managed services
Public safety mindset change

When law enforcement leadership prioritize the effort and commit the funding to these initiatives, it enables police departments to take basic reports and transition to software dashboards that make reports more efficient and easily digestible.

As law enforcement agencies seek to improve operations for the benefit of police officers and the communities they serve, utilizing technology plays a major role. Taking the data available and extracting insights through tech software enables police to operate data-driven strategies which contribute to a significant reduction of violent crime in cities across the country. By implementing the correct cybersecurity procedures alongside these IT solutions, law enforcement can be assured of the safety as well as the greatest benefits from the technology. Law enforcement agencies must unify under the mission of building trust within the community and maximizing every resource to protect public safety.

Visit Carahsoft’s Law Enforcement portfolio, bringing together industry-leading software and hardware solutions to support Federal, State and Local public safety agencies. Alongside our vendor partners, Carahsoft provides policing and investigative technologies to support mission objectives.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at IACP 2022.*