Fighting hackers is not an easy task, and minor errors can be the source of significant problems in government agencies. Awareness training for staff will help in spotting and strengthening weak links from the inside.
FREMONT, CA: An eternal question that remains a concern for most government agencies is what an agency should do when it is hit by ransomware. Should it fight back and restore its operations, or hand over the money to the attackers? Unfortunately, there is no single answer to the question, and it remains much debated.
In 2018 one particular city was attacked by unidentified cybercriminals, and the town’s email service, online payment processing, and transactions were all halted. In return, the hackers demanded bitcoin with an estimated value of $100,000.
Cyber-attacks have been on the rise every year, and attacks on government agencies in particular have been persistent. State, municipal, and local organizations especially have inadequate resources. The cybersecurity functions in these bureaus are underfunded and short-staffed compared with what similar-sized financial services organizations would have. For funding, staffing, and other reasons, these entities are perceived as easy targets that hold a wealth of private and sensitive data that criminals can hold for ransom or sell.
These organizations' operations are often small, with limited resources, and are for that reason less prepared to defend the precious data they collect, store, and manage. The data comes from services such as critical infrastructure, taxation, healthcare, and more, which makes agencies a chief target for cyber attackers. Citizens' personal data, comprising payment card information, full names, social security numbers, addresses, and beyond, is mostly waiting to be stolen. Government agencies therefore ought to consider the impact of such theft if the integrity of the data can no longer be relied on.
Nevertheless, there are definite steps that government agencies can take to protect themselves from cyber threats. Cost-effective and practical approaches can be considered to improve security posture. Most government agencies are tasked with providing citizens with new technology that delivers services efficiently and quickly. These services might include card payment for transportation, paying parking tickets digitally, paying electricity bills, and managing vehicle licenses and services. However, as many government bodies face limited resources, internal staff may not know how to operate the new technology, let alone secure it. For this reason, a large amount of the workload is outsourced to third parties. However, not all third-party service providers are equal when it comes to security.
Factors Affecting Government Entities
For government entities, cybersecurity is only as strong as the security of the service providers they select. Most third parties charge high rates and do not leverage enhanced technology, thereby introducing additional risks. So, the gates are open for the key players, hackers and other malicious bodies, to target the classified agencies. The attack comes either through the service partners or directly, to steal citizens’ information, plant an attack on the network, or install card-reading malware.
Another prime factor contributing to the increase in attacks on government organizations is the normalization of cyberattack techniques. Ransomware is a type of malware gaining popularity among the hacker community because of the way it is put together and shared for easy, quick, and successful deployment. Additionally, hackers are using more sophisticated methods and sharing their knowledge with amateur cybercriminals who have the means to launch attacks and cause mayhem. Ransomware is booming because attackers know government units are likely to disburse the money. Also, the agencies that attackers target are repeatedly slow to recover from a cyber-attack, and the alternative, a denial of service, is deplorable.
How Should Government Agencies Respond to a Cyberattack
Most law enforcement officials maintain the stance that ransoms, in general, should not be paid, since payment encourages more attacks. Security consultants, on the other hand, who are charged with helping clients regain control of their data and systems, often suggest payment. The consultants affirm that paying the ransom is the least expensive and fastest way to get backups and operations running. Even if victims decide to pay the ransom, there is no assurance that organizations will be able to recover all the data that was taken captive. For instance, there have been cases where criminals have received payment and have not returned the data. At other times, though the cybercriminals hand back the functions and data, the system still needs to be rebuilt to make sure that no traces of the attack are left behind.
So, to combat the mounting threats and work on strengthening the weaknesses, local government agencies are required to take the following steps to reinforce their security stance:
• Make the Staff Take a Lead: Combating cyberattacks should be actively managed through technological excellence, preventative action, and training of both IT professionals and the users. Dedicated information security personnel must take the lead to recognize and rectify cybersecurity flaws. They should weigh a range of alternatives and approaches to toughen defenses against data theft, breaches, and extortion.
• Keep Data Restricted to Employees: To minimize downtime and damage, and to effectively avoid having to pay the ransom, government entities should identify what is at stake if a hacker succeeds. Organizations should deny access to any person who does not require it. Alternatively, the agency can provide access to a user who needs access to all resources and assets and grant permissions accordingly. Lastly, access permissions for individuals who have left or been terminated from the organization must be revoked immediately once they are no longer associated with the agency.
• Empower Staff: Managing third-party technology vendors requires a decent amount of technical knowledge. A local organization may not have the finances to hire a full team of technology or security experts, but it needs to maintain some level of internal proficiency. Security dealings must be both well managed and suitable, as the government business model is shifting toward technology-driven services.
• Prioritize Educating the Workforce: Fighting hackers is not an easy task, and minor errors can be the source of significant problems in government agencies. Awareness training for staff will help in spotting and strengthening weak links from the inside. Teaching strategies to spot suspicious links and emails before clicking will limit business email compromise attacks, successful phishing, and spear phishing.
• Implement Ample Asset Management: Agencies need to maintain an accurate inventory of all of their assets, including every part of the data. If data is not recorded, it becomes difficult for organizations to safeguard data that they are not aware of.
• Agencies Should Secure Their Basic Controls Rightly: Organizations should not be distracted by higher-order security deals until they are sure that the core basics are robust. The fundamentals include detective and preventative controls such as identity and access management, asset, patch, and vulnerability management, and network security.
• Put Necessary Security Practices into Operation: Data breaches frequently occur due to simple mistakes. Government agencies can focus on frameworks such as critical security controls, and carry out thorough testing to ensure that their implementation is working as it is supposed to.
• Analyze Security Responses: By practicing continuous validation of security controls, government organizations can discover and fix vulnerabilities in real time. Validation secures the data before adversaries get a chance to exploit weak points and cause a potential disclosure of information.
• Perform Backups Often: Recurrent and complete backups will ensure that data is protected and that the recovery process, whenever necessary, is as seamless as possible. Backups should preferably occur as often as resources permit. Most organizations today opt for a cloud backup solution because of its added security layers and automation, as external storage is liable to be damaged or stolen.