Jun 22 2023

State and Local Government Should Follow FBI Guidance for Thwarting Ransomware

Administrators must train frontline employees, identify critical systems and implement identity management, among other actions.

Governments are among the top victims of ransomware. Because they are obligated to provide public services and cannot afford the paralysis that can result from having their data encrypted, bad actors can see them as prime targets.

State and local governments often bear heavy burdens when it comes to ransomware: Only 20 percent were able to stop an attack before their data was encrypted, according to Sophos, and only 58 percent of encrypted data was recovered.

A lack of skilled staff, budget constraints and outdated technology all contribute to the vulnerability. But there are ways to make state and local government agencies harder targets. In 2022, the FBI recommended a series of actions that include technology, training and defensive techniques — a list that can seem daunting.


Identify and Safeguard Critical Systems

Protecting critical systems and data starts with knowing which critical systems are in a government network and ensuring that they are up to date. Automated scanning solutions such as Tenable One can conduct an initial discovery of an agency’s assets both on-premises and in the cloud to help determine which are most critical. Be certain all critical operating systems and software are updated. Quickly patch any important vulnerabilities to avoid exploitation. Vulnerability scanning must extend to cloud software as well; prioritize scanning and patching the most important assets. If administrators are overwhelmed with critical patch requirements, consider upgrading hardware and/or software to take advantage of security improvements.

Build a Strong Bench Against Phishing

The frontline defense for any organization is its users, who are targeted continuously through attacks that serve as vectors for ransomware. The most common vector by far is phishing, in which an email contains a malicious attachment or a link to a malicious site. Phishing also can take place via voicemail or phone calls (vishing) or via text messages (smishing).

Savvy organizations, recognizing that users are constantly targeted by bad actors, can make them part of their first line of defense through continuous security training. This should take place multiple times during the year, heightening awareness about the risks of visiting suspicious websites, clicking on questionable links, responding to dubious messages purportedly from executives or opening attachments of unknown origin.

Ransomware perpetrators also know that they can get into networks by guessing passwords. Users should be encouraged to select strong passwords or passphrases and change them frequently. For many organizations, password management systems such as Keeper can generate and store complex passwords, sparing users the frustration of trying to remember them. For critical systems, multifactor authentication is a must, since attackers who have guessed a password will likely give up when they encounter MFA.

Establishing a Reactive and Proactive Defense

Backups are critical to restoring systems if a ransomware attack succeeds, and they form part of a well-designed security architecture. Offline backups should be encrypted, unmodifiable and cover all organizational data. Encrypt cloud storage and back up cloud data to multiple locations with mandatory MFA for access. But remember that it's much better to prevent a ransomware attack than to try to recover from one.

Zero trust is already in use at many state and local government organizations. Treating every access attempt as potentially hostile, zero trust uses continuous authentication and authorization (through identity and access management) to make access decisions and uses network segmentation to protect critical resources.

Enforcing least-privilege access is a core concept of zero trust, allowing government agencies to implement strong controls based on the specific needs of each user. IAM systems such as CrowdStrike and ForgeRock have proved their worth in combating ransomware. Couple them with free guidance on best practices and security outcomes from the Identity Defined Security Framework.

Network segmentation divides a network into smaller segments, limiting and controlling the traffic among them. This can help prevent the spread of ransomware laterally across a network and stop unauthorized users from accessing critical data. Segmentation can be done through a variety of methods, including VLANs, firewalls, software-defined networking and microsegmentation, among others; solutions are available from several vendors, such as Illumio and Cisco.

How to Best Shift Focus and Resources

Among the FBI recommendations, one is especially relevant for state and local governments: securing Remote Desktop Protocol. With the surge in remote work, many organizations rely on RDP for employee access. However, the protocol is continually being attacked, so the FBI recommends limiting access to resources, authenticating access attempts and monitoring logs.
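As an added illustration of the "limit access, authenticate, monitor logs" advice for RDP (this is example code written for this page, not from the article or the FBI), the Python below triages constructed Windows Security logon records: it flags RDP attempts from outside an assumed VPN allowlist, bursts of failed RDP logons from one source, and burst sources that subsequently logged on successfully. The event IDs are the standard Windows ones (4624 success, 4625 failure, logon type 10 for RDP); the timestamps, accounts and addresses are sample values.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
# Constructed Windows Security records: (timestamp, event_id, logon_type, account,
# source_ip). 4625 = failed logon, 4624 = success; logon type 10 = RDP session.
SAMPLE_EVENTS = [
    ("2023-06-22T09:00:01", 4625, 10, "admin", "203.0.113.45"),
    ("2023-06-22T09:00:04", 4625, 10, "administrator", "203.0.113.45"),
    ("2023-06-22T09:00:07", 4625, 10, "jsmith", "203.0.113.45"),
    ("2023-06-22T09:00:09", 4625, 10, "backup", "203.0.113.45"),
    ("2023-06-22T09:00:12", 4625, 10, "jsmith", "203.0.113.45"),
    ("2023-06-22T09:00:30", 4624, 10, "jsmith", "203.0.113.45"),  # success after burst
    ("2023-06-22T09:05:20", 4624, 10, "mlee", "10.20.5.7"),       # normal VPN user
    ("2023-06-22T09:10:00", 4625, 3, "svc-web", "198.51.100.9"),  # network logon, not RDP
]
# Assumed policy: RDP is reachable only from the agency's VPN address pool.
ALLOWED_RDP_SOURCES = [ipaddress.ip_network("10.20.0.0/16")]

def rdp_events(events):
    """Parse raw tuples and keep only RemoteInteractive (RDP, type 10) logons."""
    return [{"ts": datetime.fromisoformat(ts), "id": eid, "account": acct,
             "src": ipaddress.ip_address(src)}
            for ts, eid, ltype, acct, src in events if ltype == 10]

def out_of_policy_sources(events):
    """RDP attempts, successful or not, from outside the allowed ranges."""
    return sorted({str(e["src"]) for e in rdp_events(events)
                   if not any(e["src"] in net for net in ALLOWED_RDP_SOURCES)})

def brute_force_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Sources with at least `threshold` failed RDP logons inside any `window`."""
    failures = defaultdict(list)
    for e in rdp_events(events):
        if e["id"] == 4625:
            failures[str(e["src"])].append(e["ts"])
    flagged = set()
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return sorted(flagged)

def likely_compromised(events):
    """Brute-force sources that then logged on successfully: investigate first."""
    return sorted({str(e["src"]) for e in rdp_events(events)
                   if e["id"] == 4624 and str(e["src"]) in brute_force_sources(events)})
```

In production the same three checks would run over events exported from the Security log (or a SIEM) rather than the embedded sample, with the allowlist taken from the firewall policy that restricts RDP.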

Implementing the FBI’s advice may seem overwhelming. The training and technological approaches specified here can be further enhanced with resources on combating ransomware from the Cybersecurity and Infrastructure Security Agency. These include a comprehensive Ransomware Guide, free scanning and testing services to identify and reduce exposure, malicious domain blocking and reporting services, and a security review to spot gaps using the National Institute of Standards and Technology framework.
