3 tips for mitigating the ransomware threat to government offices
In 2019, more than 140 local governments, hospitals, and police stations fell victim to malicious ransomware attacks. Various cities across Louisiana, Texas, and Florida are among many that have appeared in the headlines. This particularly malicious type of cybercrime has become a global issue whose reach and impact continue to grow. Recent reports claim ransomware damages could cost the world $20 billion by 2021.
Cybercriminals are continuously adapting and refining their strategy, making ransomware attacks very difficult to prevent and expensive to resolve. More recent attacks have targeted small and midsize local governments, with data and operations severely compromised and ransom demands frequently in the tens of thousands of dollars.
Guarding against ransomware can be substantially more difficult for local and county government agencies, which are often smaller and operate with less sophisticated IT systems. To mitigate the risk and limit the fallout of ransomware attacks, public officials must understand the threat, shore up internal defenses, and plan an effective response.
The Basics of Ransomware
Let’s start with an overview of how these attacks work. Ransomware is a type of malware that encrypts mission-critical data such as personal information and financial records to make them inaccessible to the organization that owns the data. Once cybercriminals have the information locked down, they demand a ransom before returning access to victims by way of a decryption key.
How do cybercriminals access data to begin with?
Malicious code can enter a system in a variety of ways; among the most common are email attachments and phishing emails with embedded links. Once activated by a click, open, or download, this code instructs the host system to run the ransomware.
How vulnerable are most organizations to ransomware attacks?
The short answer is, frighteningly so. The average employee receives more than 120 emails per day, and any of these emails can contain malicious code. It takes only one employee responding to one wrong email to unleash ransomware and potentially bring operations to a halt.
Why not just pay the ransom?
Many smaller government agencies feel the only way to respond to a ransomware attack is to pay the ransom. But your odds of resolving the issue this way are slim. In fact, studies show that fewer than a third of organizations that pay cybercriminals recover access to their data.
Rather than simply caving to cybercriminals’ demands and hoping for the best, I recommend taking the following steps to lower your risk for an incident and to get your system up and running more quickly if an attack occurs.
Tip #1: Ensure system security
The first step to mitigating the ransomware threat is taking preventive measures. While ransomware is difficult to prevent, restricting access to certain areas of your network can make it more difficult to infiltrate. Set specific permissions for different departments rather than granting every employee full privileges to the entire system.
From there, you’ll need to implement anti-malware and antivirus software to block any known threats from entering the IT environment. These tools will also scan all inbound emails and flag any potentially malicious websites employees try to visit.
Tip #2: Implement a response plan
There is always a possibility that preventive measures will fall short. If an attack does occur, having a comprehensive response plan in place will help prevent cybercriminals from completely devastating your IT infrastructure and operations, and it will help reduce the risk and impact of future attacks.
Your response plan should include a forensic analysis of your office’s tech stack. Determine what is and isn’t needed to protect constituents’ data, and work quickly to address any security weaknesses or gaps. You should also have an intrusion detection and system logging tool in place and functioning so you can quickly identify how and when the system is compromised and detect any changes the attacker might have made to the system.
Tip #3: Keep employees updated on training
It’s equally important that you educate your staff on what these attacks look like and how to respond effectively. Review the common traits of phishing emails, and complement your internal training program with free tools such as phishing email simulators to test your employees’ discernment. Staff training will fill any knowledge gaps that exist and may ultimately be your best line of defense against ransomware.
As ransomware attacks spread across the globe and disrupt and disable organizations in every sector, don’t wait for an attack before taking action. Improve your defenses and your odds by establishing a response plan now, along with training your employees and securing your IT environment. Together, these steps will help you minimize the damage in the event of an attack and return more quickly to serving the public.
Rick Clark is the Corporate Security Director at Ontario Systems.