CISA offers ransomware advice as attacks evolve
The CISA guide includes the following recommendations:
- Keep encrypted data backups offline and regularly test backups
- Create, maintain and implement a basic cyber incident response plan, resilience plan and associated communication plan
- Mitigate internet-facing vulnerabilities and misconfigurations to reduce the risk of actors exploiting this attack surface
- Reduce the risk of phishing emails by enabling strong spam filters and implementing a cybersecurity awareness and training program
- Practice good cyber hygiene by keeping antivirus and antimalware software and signatures up to date, implementing application whitelisting, ensuring privileged users and accounts are restricted, using multi-factor authentication and implementing other CISA cybersecurity best practices
“Over the past year, we have seen an upsurge in ransomware attacks among state, local, tribal and territorial governments, as well as small and medium-sized businesses,” said Boyden Rohner, CISA associate director for vulnerability management. “This is an epidemic that affects cities, police, hospitals, schools, manufacturing targets and critical infrastructure, and ransomware players do not discriminate on the basis of industry, location or size of the organization.”
Recent ransomware attacks against state and local agencies include incidents in Joplin, Missouri, targeting the Alaskan justice system and the Washington, DC Metropolitan Police Department.
Even when they are not in the national news, these attacks occur across the country and impact daily life.
“We have seen horrific examples of compromised state DMV systems, and people cannot renew their driver’s licenses. Local governments are affected by ransomware and they cannot process marriage licenses, death certificates,” said Matt Pincus, director of government affairs at the National Association of State Chief Information Officers.
This creates growing concerns for people, who may think, “I will not be able to go to school, I will not be able to get treatment in a hospital, I will not be able to do anything with my condition or my local government,” Pincus says.
Traditionally, malicious actors have demanded a ransom in exchange for decryption; the CISA guidelines explain that threats have evolved to become “more destructive and more impactful.” Today, a growing number of hackers are exfiltrating data, including personally identifiable information, and threatening to sell or disclose it if organizations don’t pay.
“Malicious actors are evolving their ransomware tactics to take advantage of unpatched systems, lack of network segmentation, and trust relationships within systems,” Rohner explains.
Cyber hygiene is essential to the security of the agency
In NASCIO’s latest report on its annual survey of state CIOs, respondents overwhelmingly cited ransomware attacks as their top concern for government continuity. Twenty percent said their state has experienced a cyber incident since the pandemic-induced switch to remote working, coupled with the increasing adoption of new technologies, which has increased the risk to state systems, the report said.
NASCIO fully supports the measures outlined in the CISA guidelines, said Pincus, who underscored the federal agency’s recommendation to implement a user education and training program on cybersecurity.
“I can’t tell you how important this is to state CIOs,” he says. “A lot of cybersecurity and ransomware attacks all happen because of human error. You click on a link, and guess what? You have compromised your entire state network. You have compromised your entire local government.”
Adopt a “pan-state approach” to cybersecurity
Pincus says states likely already have these types of safeguards in place, but he advises officials to also work with local government agencies, such as school districts and hospitals, on cybersecurity.
“I think it boils down to what we call a ‘holistic approach’, which is every state agency, every local government agency, the National Guard, CISA – everyone has a role to play,” he says.
This is happening in states like North Carolina, where officials formed a joint cybersecurity task force in 2018 that includes several state departments and the National Guard. It is also home to the North Carolina Local Government Information Systems Association, which deploys trained response team members to jurisdictions experiencing cybersecurity incidents to help provide free response and recovery resources. The National Guard offers free services such as vulnerability assessments and employee training that counties can also take advantage of.
“There are a number of different opportunities that can be exploited locally: engaging in strong cyber hygiene, strong passwords,” says Rob Main, North Carolina’s new chief risk officer. “Often you can implement MFA at no cost depending on your current network operating environment.”
It all goes back to user training, according to Main. “It kind of follows the ‘See something, say something’ pattern,” he says,
Rohner of CISA says these proactive measures are essential because “the battle against ransomware doesn’t start the day you get hit.”