For several years in a row, tech observers have declared it “the year of ransomware.” That time finally appears to be over. Not because ransomware has peaked — far from it — but because people now seem to realize hackers have found an attack type so lucrative that they’re going to keep using it again and again.
By 2025, ransomware attacks are projected to cost businesses up to $10.5 trillion per year in combined lost revenue, brand impact and missed opportunities. And in a 2021 survey, two-thirds of CISOs said they felt their organizations were at risk of falling victim to a successful cyberattack.
Often, we find that organizations adopt several tools to beat back ransomware attacks, resulting in convoluted solution environments. State and local government agencies require a unified, multilayered approach to ransomware protection. This approach must help agencies to identify threats, protect their environments, monitor for suspicious activities, and respond to and recover from attacks.
Begin by Identifying the Assets That Need Defending
The first step in multilayered protection is knowing what assets you’re trying to protect. There are strong tools available to assist agencies with identifying risk exposure and coverage status, allowing security professionals to instantly identify potential gaps.
Governments also should employ zero-trust principles to give agencies complete control over who has access to data and systems, and should require dual authorization for administrative changes to eliminate accidental or malicious insider threats.
So many successful cyberattacks stem from simple issues such as password hygiene or a lack of multifactor authentication. By identifying these problems early in their cybersecurity journeys, organizations can save themselves significant time, money and effort later on.
Automated Monitoring Can Help with Handling Alerts
After agencies identify potential vulnerabilities, they must take proactive steps to protect their environments from attack. A good security solution can support this process by isolating networks and data management using multitenancy functionality and by securely air-gapping backups.
Agencies must be alerted when suspicious activity occurs within their networks. But many cybersecurity professionals struggle with “alert fatigue.” Bombarded by false alarms, these workers become overwhelmed trying to identify true threats amid the noise.
Effective security solutions may use artificial intelligence and machine learning to weed out false positives, allowing organizations to focus their attention where it’s needed most.
Another tactic to consider is making use of “honeypot” decoy files. Because these are essentially fake files that would never be changed or deleted by a legitimate user, any activity on them will instantly alert an agency to the presence of malicious actors.
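The decoy-file check described above, as an added example that is not part of the original article: it plants decoys, records a SHA-256 baseline, and reports any decoy that was modified, deleted or renamed. The decoy file names, function names and the temporary directory standing in for a file share are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed decoy names (assumption): no legitimate user has a reason to touch them.
DECOY_NAMES = ["000_payroll_backup.xlsx", "passwords_old.txt"]

def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_decoys(directory: Path, names=DECOY_NAMES) -> dict:
    """Write decoy files with random content and return a {path: sha256} baseline."""
    baseline = {}
    for name in names:
        path = directory / name
        path.write_bytes(os.urandom(256))
        baseline[str(path)] = _digest(path)
    return baseline

def check_decoys(baseline: dict) -> list:
    """Return (path, event) alerts; any change to a decoy is treated as suspicious."""
    alerts = []
    for path_str, expected in baseline.items():
        path = Path(path_str)
        if not path.exists():
            alerts.append((path_str, "deleted_or_renamed"))
        elif _digest(path) != expected:
            alerts.append((path_str, "modified"))
    return alerts

def demo() -> list:
    """Plant decoys in a temp directory, apply constructed test activity, return alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_decoys(Path(tmp))
        assert check_decoys(baseline) == []  # untouched decoys raise no alert
        first, second = (Path(p) for p in baseline)
        first.write_bytes(b"overwritten")               # constructed: content change
        second.rename(second.with_suffix(".locked"))    # constructed: rename
        return [(Path(p).name, event) for p, event in check_decoys(baseline)]

if __name__ == "__main__":
    for name, event in demo():
        print(f"ALERT decoy {name}: {event}")
```

Because the baseline is what makes the check trustworthy, it belongs somewhere the monitored hosts cannot write to.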
A Backup and Recovery Strategy Is Essential
It’s a well-worn take for a reason: Cyberattacks are a matter of when, not if. Governments simply must be prepared to respond to these attacks quickly and recover from them in a way that mitigates damage as much as possible.
Agencies might consider an approach that enables response and recovery by isolating suspicious files to minimize ransomware spread, retaining the last known good copy of backups and automating the recovery process.
No agency can completely insulate itself from ransomware attacks. But by investing in tools that provide multilayered protection, organizations can ensure they are ready to face them.