From hospitals being forced to turn away patients to state oil systems shut down, ransomware attacks have become increasingly brazen and prevalent. The FBI received nearly 2,500 ransomware complaints in 2020, up by about 20 per cent from 2019.
“It’s not if we’re going to get attacked, it’s when,” says Robert Beck, Country Manager, ANZ, Protegrity. A ransomware attack would ultimately affect every single person. Governments need to put this critical issue at the top of their agendas to mitigate the impact of such attacks as much as possible.
Beck shares how governments can protect sensitive data against ransomware criminals and recover quickly in the face of an attack.
The ransomware epidemic
The number of ransomware attacks has increased dramatically in the past year, says Beck.
For instance, nine of the 11 largest cyber attacks in Australia between 2018 and 2021 targeted government, universities and healthcare. The victims included Australian Parliament House, Australian National University and Service NSW. The compromised databases from universities alone added up to 444,000 user records.
Recent worldwide ransomware attacks have not only rendered the target company’s assets inoperable; the attackers have also stolen highly sensitive personal information and threatened to sell it to the highest bidder.
These actors have become more sophisticated and changed their operations in recent years, according to Beck. They’re not only locking out sensitive systems but also stealing data before these systems are locked.
This “double extortion scenario” makes the organisation’s systems unusable and risks exposing private information on the dark web, he adds.
That has “very big repercussions” for governments, as they are entrusted to look after citizens’ private information. “So there’s an enormous impact on the reputation, as well as just potentially breaching their own privacy and security laws.”
Protect what matters
Governments have typically had strong firewalls that put an “electric fence” around data stored in their systems, Beck says. “That’s important, and we can’t dismiss that.”
But they must also protect sensitive data to prepare for situations when criminals breach these perimeter defences, he emphasises. Encrypting personal data ensures stolen data is useless to anyone with criminal intent.
Organisations don’t have to mask all of their data and “boil the ocean”, he says. They can do a sweep of their data, find out which parts are most sensitive, and protect them sufficiently to render the data unidentifiable. This makes the job easier to execute and maintain, and lowers costs.
Protegrity’s software allows organisations to selectively mask parts of their data. For instance, security teams can choose to mask everything except the last three digits of identification numbers – allowing agencies to still identify citizens and provide services.
To protect themselves against the rise of ransomware, governments need to have the latest version of malware detection software operating in their systems, Beck says. This will detect when foreign agents have entered the system, and “chop it off” before it gets too bad.
In the event of an attack, organisations must also have a good disaster recovery system to mitigate downtime and recover quickly. Without this, organisations “become very vulnerable to paying the ransom”, he says.
There has been a lot of discussion around Zero Trust models as a cybersecurity strategy. These treat all users and devices as possible threats, and require organisations to verify anything and everything trying to connect to their systems.
This approach is effective at stopping the attacker from gaining access to systems and applications, Beck says. But it’s also a “relatively new model” that’s not supported by all systems and applications. It can also be costly to implement, he adds.
Zero Trust models will also do nothing for the organisation if ransomware has already been introduced. They have to be combined with a great disaster recovery system, malware detection, and data protection to fight ransomware effectively, he explains.
Ransomware attacks are becoming more vicious. Governments need to have all hands on deck – data protection tools, a quick disaster recovery response, and malware detection will go a long way.