A Federal Proposal Calls for Working with States and Localities
In response, IT leaders have a great deal they can do. Through four key steps — preventing initial compromise, stopping compromised users and initial threats, eliminating lateral movement by minimizing attack surfaces, and preventing data loss — state and local agencies can protect against ransomware and mitigate the harm it causes.
This combination of offense and defense reflects federal guidance at a time when the Biden administration and lawmakers face a darkening cyberthreat landscape.
In its recent National Cybersecurity Strategy and implementation plan, the White House called for a multipronged approach to tackling ransomware threats, giving federal agencies guidance and timelines to improve cyber resiliency in the face of evolving tactics.
On Capitol Hill, lawmakers recently introduced the Cybersecurity Awareness Act, a bipartisan bill to equip the most frequent targets of ransomware attacks, as well as underserved communities across the country, with critical access to cybersecurity training, education and resources. Under the legislation, the Cybersecurity and Infrastructure Security Agency would work with state and local governments, along with federal agencies and others, to promote cybersecurity best practices such as multifactor authentication and password security.
Zero Trust Can Stem the Rising Tide of Ransomware Attacks
Despite the growing awareness, ransomware attacks are on the rise in localities nationwide.
In Dallas, for example, an attack in May took down city systems ranging from police and fire dispatch to courts and online payments. Firefighters reportedly were forced to rely on an old-fashioned radio and paper system.
Another ransomware strike targeting Oakland, Calif., caused a trove of employee and resident personal data to be released on the so-called dark web.
In Lowell, Mass., a recent ransomware attack led to all city computers being shut down, wiped and restored in what one official called “the biggest reboot in the city’s history.”
Going forward, things may only get riskier. “With the growing adoption of cloud computing and storage,” the recent Zscaler report warns, “ransomware attackers are likely to develop new types of ransomware and campaigns optimized for targeting cloud services and workflows.” The result, the report noted, could be “widespread damage, business disruption and theft of sensitive data, impacting multiple users or organizations simultaneously.”
A zero-trust approach to overall security is an organization’s most powerful weapon. Zero-trust security architectures redefine how user traffic reaches target applications. Whether from user to app, user to internet, or app to app, connectivity is direct, secure and ephemeral. This security strategy would help governments solidify statewide strategy and tactics while protecting the enterprise and citizen data.
State and Local Agencies Can Take These Steps Now
On a more granular level, to prevent initial compromise, agencies should apply consistent security policies, for example by implementing extensive SSL inspection, browser isolation, inline sandboxing and policy-driven access control.
When users are compromised, and to counter insider threats, the best defense combines inline application inspection and identity threat detection and response with integrated deception capabilities.
If attackers make it inside a state or local network, officials can prevent lateral movement by disconnecting applications from the internet and embracing a zero-trust network access architecture. With ZTNA, organizations connect users directly to applications, and connect applications to applications, rather than to the network itself, significantly restricting the potential reach of an attack.
Finally, to prevent data loss, good cybersecurity hygiene calls for implementing inline data loss prevention measures with full transport layer security inspection to thoroughly review data both in transit and at rest.
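The four steps above describe a per-request, default-deny model: a user is connected only to one published application after identity and device checks, never to the network, and outbound content is inspected before it leaves. The following added example (not code from the article or from any product it mentions) sketches that logic in Python with a hypothetical application policy table, constructed sample requests and two constructed DLP patterns; a real deployment would take identity, MFA and device-posture signals from its identity provider and endpoint agent rather than from the request itself.

```python
"""Added example: a minimal zero-trust access decision plus an inline
DLP check. The policy table, field names and detection patterns are
constructed for illustration; nothing here is a vendor API."""
import re
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass
class Request:
    user: str
    groups: Set[str]
    mfa_verified: bool      # asserted by the identity provider, not the client
    device_managed: bool    # asserted by the endpoint posture agent
    app: str                # one named application, never a subnet or host range


# Hypothetical policy: each published application lists the groups allowed to
# reach it and whether a managed device is required. Unlisted apps are denied,
# so there is no implicit reach into the network (the ZTNA point).
APP_POLICY: Dict[str, dict] = {
    "payroll":  {"groups": {"finance"},         "managed_device": True},
    "dispatch": {"groups": {"fire", "police"},  "managed_device": True},
    "intranet": {"groups": {"staff"},           "managed_device": False},
}


def access_decision(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Every condition must hold; the first failing
    check explains the denial, which is what a SOC analyst wants in the log."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, f"app {req.app!r} is not published"
    if not req.mfa_verified:
        return False, "MFA not verified"
    if policy["managed_device"] and not req.device_managed:
        return False, "managed device required"
    if not (req.groups & policy["groups"]):
        return False, "user not in an authorized group"
    return True, f"direct connection to {req.app} only"


# Constructed DLP patterns: a US-style SSN shape and a 16-digit card shape.
DLP_PATTERNS = {
    "ssn":  re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives from arbitrary 16-digit numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def dlp_findings(payload: str) -> Dict[str, int]:
    """Count sensitive-data hits in an outbound (decrypted) payload."""
    hits: Dict[str, int] = {}
    for name, pattern in DLP_PATTERNS.items():
        matches = pattern.findall(payload)
        if name == "card":
            matches = [m for m in matches if luhn_ok(re.sub(r"[ -]", "", m))]
        if matches:
            hits[name] = len(matches)
    return hits


def should_block_egress(payload: str) -> bool:
    """Inline DLP verdict: block the transfer if any pattern fired."""
    return bool(dlp_findings(payload))


if __name__ == "__main__":
    # Constructed sample requests and payloads.
    samples = [
        Request("alice", {"finance", "staff"}, True, True, "payroll"),
        Request("bob", {"police"}, True, False, "dispatch"),
        Request("eve", {"staff"}, True, True, "10.0.0.0/8"),
    ]
    for r in samples:
        print(r.user, r.app, access_decision(r))
    print(dlp_findings("ticket 42: SSN 123-45-6789, card 4111 1111 1111 1111"))
```

The two halves map onto the article's steps: access_decision is the policy-driven, app-level gate that stops initial compromise and lateral movement (a request for a network range is simply not a published app), and dlp_findings is the inline check that runs on decrypted traffic after TLS inspection; the Luhn filter shows why a real DLP rule validates, not just pattern-matches.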
By adopting these best practices, state, local and municipal authorities can stay ahead of threat actors — and proactively protect their users, workloads and devices so valuable data remains safe from the growing threat of ransomware and other attacks.