Ransomware's Impact On Government Cybersecurity

In our most recent BitSight Insights report, we discuss the pervasive problem of ransomware. The report states that education has the highest rate of ransomware across all industries, and government comes in second.

It’s clear that government is becoming a bigger target for cyber criminals looking to use ransomware. In fact, according to a report from the Department of Homeland Security (cited in this DHS magazine article), there were 321 incidents of ransomware on 29 different federal networks between June 2015 and March 2016.


Below, we’ll walk through three actions government agencies can take to mitigate risk and reduce the impact of ransomware attacks.

Cybersecurity In Government: 3 Practices For Preventing Ransomware Attacks & Fallout

1. Understand that ransomware attacks are opportunistic.

Simply understanding and acknowledging why cyber criminals use ransomware attacks is a step in the right direction. Most criminals who use ransomware want an “easy payday,” so they target organizations that deal with time-sensitive, critical, or life-and-death information. Cyber criminals are increasingly focusing on healthcare, education, and government because they know that they have a good chance of interrupting a critical function, which increases their odds of a payout.

2. Regulate cybersecurity internally.

In our BitSight Insights report, we found that the financial industry performs the best against ransomware attacks. This may be partially due to the increased regulatory scrutiny financial institutions face. Self-imposed regulation and diligence could become far more critical for government agencies that may lack advanced cybersecurity protocols and internal training.

3. Be diligent about cybersecurity best practices.

A. Continuously Monitor Your Vendors

Foreign hackers have gained access to voter-related information in four states during this 2016 election cycle not just by attacking the government system but by breaching vendor networks that handle voter information. While these attacks are not directly related to ransomware infections, it’s important to note that vendors can be a point of entry for cyber criminals. Government agencies should be particularly diligent about continuously monitoring those vendors.

B. Establish Email Security Protocols

In February 2016, a police detective’s laptop in Melrose, Massachusetts, was infected with ransomware, forcing the department to pay a bitcoin ransom to regain control of its network. The officer who triggered the attack opened an infected email attachment, which then encrypted the files on his system. To help prevent malicious attacks through email attachments, government agencies need to implement email security protocols like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF helps limit an attacker’s ability to successfully spoof a valid “from” address, and DKIM helps to authenticate valid servers and limit the sending of spoofed email messages.

C. Back Up Your Systems

If your network is compromised through a ransomware attack, you should have a regularly updated backup of your systems to fall back on. Restoring from it could cause a disruption, as systems could potentially be offline for a while, but it could also help you avoid paying the ransom. Government agencies (and other organizations) must assess the impact of a major disruption on their network. With system backups that are segmented from the rest of the network, IT teams may be able to reduce the amount of downtime resulting from a ransomware attack and avoid having to pay a ransom to retrieve information.

Learn More About Ransomware In Government Cybersecurity

Ransomware is affecting virtually all industries today. Download the latest BitSight Insights report to learn more about how ransomware infections have evolved over the last year and how businesses can help mitigate the threat of ransomware.