Ransomware is an all-too-real threat in today’s world. Malicious cyber actors have expanded their ransomware techniques, resulting in breaches of everything from K-12 educational institutions and government agencies to high-profile brands like Garmin and Uber.
In a recent webinar hosted by Quest Software, Adrian Moir, Senior Product Manager and Technology Strategist at Quest, shared that more than 50 percent of organizations worldwide reported ransomware attacks in 2020, and this figure is only expected to increase. Even more frightening, according to a FireEye report, 34 percent of organizations that paid a ransom failed to retrieve their data. It’s a dangerous world out there, so federal government agencies must prioritize cyber resiliency and remain vigilant and educated on new and emerging ransomware threats.
Even though this may seem extremely daunting, don’t be scared. Be prepared.
Prevention is better than a cure
If federal government agencies don’t care about risk, they don’t invest, so naturally their costs are lower at first. Agencies think they are paying less until something goes awry; then they end up paying a lot more than if they had made the original investment to put a resiliency plan in place.
If your federal agency does not have ransomware prevention, it will be forced to fix the problem and then wait until the next cybersecurity threat arises. Moir compared this scenario to fixing a wall. “You’re putting sticky plaster over sticky plaster,” said Moir. “Eventually, your data is going to bleed out behind the plaster.” He explained that it is always a good idea to pay the initial price for a resiliency plan rather than having to patch up data breaches after an attack.
Prevention starts at home
More often than not, ransomware attacks begin with someone inside the government agency. Ransomware entities often dupe agency employees into giving them credential information via phishing or social engineering. With more federal agency employees working remotely, there are even more potential threats that can reach employees since they are not within a closed network perimeter. As a result, workforce education is crucial.
For example, Uber’s cyberattack last September was the result of an employee receiving phishing emails impersonating Uber IT support. This exemplifies how crucial it is for an agency to ensure that its employees are educated on phishing attacks and other malicious cyber tactics.
To combat this issue, federal agencies should conduct internal phishing tests. They can send emails containing phishing elements to the agency’s internal staff, see who clicks, and collect that data. The agency will then know whether its staff is educated and who is likely to pose a higher or lower risk to the agency’s cyber posture.
Know what you are working with
Part of being prepared is understanding not only the threat risks but also any data gaps that may exist.
The first type of data gap seen in agencies is Gaps in Time. This gap refers to data that has missing recovery points and, therefore, missing protection. The best way to tackle this gap is for a government agency to make sure they know about all their data and consistently monitor it. Fortunately, there are emerging technologies and solutions that can automatically detect new data that appears and allow users to monitor this data.
The second type of data gap is Gaps in Coverage; this gap refers to data that is not being protected. Again, the best way to combat this gap is to have a consistent knowledge and awareness of data being stored and protected. Some key questions agencies can ask themselves are: Has all data been consistently protected to enable recovery? And has all required data been defined to be protected?
The third type of data gap is Gaps in Consistency; this gap means the protected data is inconsistent, leaving variations in coverage with some important data missing. It can easily be caused by data sets being missed during backups, or by backups not working for a period of time. If this problem occurs, it is imperative to start the backup chain again when things are back online to ensure the data is restored to the way it previously was. Luckily, any good backup software should ensure that all data is committed before being put in a state of backup.
The fourth type of data gap is Recovery Gaps; this may be the scariest gap to encounter. This gap type refers to data that an agency thought was recoverable, but in reality has missing or damaged copies or contains corrupted data. This issue can occur due to a lack of testing on backups and can cause data to be unrecoverable. The key to preventing this from happening is to test backups once a week by taking a random data sample, restoring it, and then verifying new datasets.
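The four gap types above can be checked mechanically against a backup catalog. The following is an added example, not part of the original article and not code from any Quest product: the inventory, the catalog rows and their field layout, and the find_gaps function are all constructed for illustration, and the two-hour grace period is an assumption.

```python
from datetime import datetime, timedelta

# Constructed inventory: dataset -> expected hours between recovery points.
INVENTORY = {"hr-db": 24, "mail": 24, "fileshare": 24, "new-app": 24}

# Constructed catalog rows: (dataset, finished, kind, succeeded, restore_tested)
CATALOG = [
    ("hr-db", "2024-03-05T01:00", "full", True, False),
    ("hr-db", "2024-03-06T01:00", "incr", True, True),
    ("hr-db", "2024-03-07T01:00", "incr", True, False),
    ("hr-db", "2024-03-08T01:00", "incr", True, False),
    ("mail", "2024-03-05T02:00", "full", True, False),
    ("mail", "2024-03-08T02:00", "incr", True, False),
    ("fileshare", "2024-03-05T03:00", "full", True, False),
    ("fileshare", "2024-03-06T03:00", "incr", False, False),
    ("fileshare", "2024-03-07T03:00", "incr", True, False),
    ("fileshare", "2024-03-08T03:00", "incr", True, True),
]

def find_gaps(inventory, catalog, now, grace=timedelta(hours=2),
              test_window=timedelta(days=7)):
    """Return {dataset: sorted list of gap types} for datasets with gaps."""
    report = {}
    for name, hours in inventory.items():
        jobs = sorted((datetime.fromisoformat(ts), kind, ok, tested)
                      for ds, ts, kind, ok, tested in catalog if ds == name)
        if not jobs:                       # in inventory, never backed up
            report[name] = ["coverage"]
            continue
        gaps = set()
        good = [j for j in jobs if j[2]]   # usable recovery points
        limit = timedelta(hours=hours) + grace
        times = [j[0] for j in good] + [now]
        if not good or any(b - a > limit for a, b in zip(times, times[1:])):
            gaps.add("time")               # missing recovery points
        failures = [j[0] for j in jobs if not j[2]]
        if failures and not any(j[1] == "full" and j[0] > max(failures) for j in good):
            gaps.add("consistency")        # chain not restarted after a failure
        if not any(j[3] and now - j[0] <= test_window for j in good):
            gaps.add("recovery")           # no restore-tested copy in the last week
        if gaps:
            report[name] = sorted(gaps)
    return report

if __name__ == "__main__":
    for dataset, gaps in find_gaps(INVENTORY, CATALOG, datetime(2024, 3, 8, 12)).items():
        print(dataset, gaps)
```

A dataset flagged "recovery" here has no restore-tested copy within the window, so its recoverability is unverified; the restore test itself still has to be run against the backup system.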
Make sure you have a safety net
Even if an agency implements anti-phishing technologies, educates team members on how to spot phishing attacks and rogue documents, and obtains cyber insurance, it can still fall victim to a ransomware attack. Because of this, agencies need a safety net to make sure all data is protected and can be recovered quickly.
Backup solutions such as Quest’s NetVault Plus can ensure data immutability, provide abstracted storage, deliver data in disparate operating systems, provide an immutable recycle bin, segment access control, layer encryption, and more. There are many ways agencies can be proactive in preventing ransomware attacks but ultimately, having a safety net via a backup solution is the best way to protect an agency from the many virtual threats facing them today.