Published on August 6th, 2019
How government entities can combat cyber threats — FCW
It’s no secret that all organizations must be on high alert for cyberthreats. But attacks on government agencies have been particularly relentless, resulting in 99 government and military data breaches in 2018 in the U.S. alone. In May, Baltimore was attacked by unknown actors — city email service was shut down, online payment processing ground to a halt and real-estate transactions could not be recorded. The hackers demanded 13 bitcoins, an estimated $100,000.
Government agencies, especially on the local, municipal and state level, have limited resources. Cybersecurity functions are underfunded and understaffed, with staffing at one-sixth the level of similar-sized financial service organizations. For this reason and others, these entities are perceived as easy targets that offer a wealth of sensitive and private data that malicious actors can sell or hold for ransom.
How should government agencies respond to a cyberattack?
So, when hit by ransomware, should agencies hand over the money, or fight to re-establish control of what is rightfully theirs?
Unfortunately, there is no right answer, and government organizations often receive conflicting advice. Law enforcement officials maintain that ransoms generally shouldn’t be paid, since payment encourages me-too attacks. Security consultants, charged with helping clients reclaim control of their systems and data, often recommend payment as the fastest, least expensive way to get systems back up and running.
Even if victims opt to pay ransom, there are no guarantees that agencies will be able to retrieve all information that was taken hostage. For example, NotPetya claimed to be ransomware but in fact wiped systems clean of all their data. Money was paid, but no data was returned – a lose-lose for the victim. Other times, hackers might hand back access to data and functions, but systems must still be rebuilt to ensure that no trace of ransomware was left behind.
In order to minimize damage and downtime, and perhaps better avoid having to pay ransom, agencies should identify what is at stake if a hacker succeeds. Taking an inventory of all assets owned by the organization will allow agencies to know what’s been affected and make it easier to recover and restore all data. It goes without saying that full access should never be granted to anyone who doesn’t need it. Identify users who need access to all assets and resources and grant permissions accordingly. When individuals leave or are terminated from the organization, their access permissions should be immediately revoked.
Furthermore, frequent and complete backups will ensure that data is saved and protected and that the recovery process, should it be necessary, is as seamless as possible. Backups should ideally occur as often as resources permit. Many organizations opt for a cloud backup solution, due to its automation and added security layers – whereas external storage is more likely to be damaged, lost or stolen.
Prevention trumps response
Rather than getting to the point of no return, combatting cyberattacks should be proactively managed through preventative action, technological excellence and training of both IT professionals and users. Dedicated info security staff must take the lead in identifying and remediating cybersecurity weaknesses. They should weigh a range of options and approaches to strengthening defenses against breaches, data theft and extortion.
Educating staff should be a priority. Fighting hackers is no easy task, and small errors can be the start of major problems. Awareness training will identify and strengthen weak links from within. Teaching strategies for identifying suspicious emails and links before clicking will certainly limit, if not eliminate, successful phishing, spear phishing and business email compromise attacks.
Many states are implementing their own cybersecurity programs. In 2015, New Jersey founded The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), also known as the New Jersey Office of Homeland Security and Preparedness’ Division of Cybersecurity. This is the first state-level information sharing and analysis organization in the United States that exchanges cyber threat intelligence and conducts incident response for governments, businesses and citizens in New Jersey.
Other states have since followed suit with their own cybersecurity-focused projects, like Michigan’s Cyber Disruption Response Plan and California’s Cybersecurity Taskforce. These types of programs can help local governments understand recent incidents, increase awareness of the threat landscape in their area and share that information with the public and local businesses.
Last, and certainly not least, infosec staff must continuously educate themselves about cybersecurity developments and best practices, such as internet isolation and zero-trust browsing. For instance, a zero-trust approach to browsing enables government organizations to protect their systems and data from the most common threats while allowing users to freely browse the sites that they need to get work done — hassle free.