State and Local Government Should Follow FBI Guidance for Thwarting Ransomware

Establishing a Reactive and Proactive Defense

Backups are critical to restore systems if a ransomware attack succeeds, and they form part of a well-designed security architecture. Offline backups should be encrypted, unmodifiable and cover all organizational data. Encrypt cloud storage and back up cloud data to multiple locations with mandatory MFA access. But remember that it’s much better to prevent a ransomware attack than to try to recover from it.

Zero trust is already in use at many state and local government organizations. Treating each attempt at access as a hostile attempt, zero trust uses continuous authentication and authorization (through identity and access management) to make access decisions and uses network segmentation to protect critical resources.

Enforcing least-privilege access is a core concept of zero trust, allowing government agencies to implement strong controls based on the specific needs of each user. IAM systems such as CrowdStrike and ForgeRock have proved their worth in combating ransomware. Couple them with free guidance on best practices and security outcomes from the Identity Defined Security Framework.

Network segmentation divides a network into smaller segments, limiting and controlling the traffic among them. This can help prevent the spread of ransomware laterally across a network and stop unauthorized users from accessing critical data. Segmentation can be done through a variety of methods, including VLANs, firewalls, software-defined networking and microsegmentation, among others; solutions are available from several vendors, such as Illumio and Cisco.

How to Best Shift Focus and Resources

Among the FBI recommendations, one is especially relevant for state and local governments: securing Remote Desktop Protocol. With the surge in remote work, many organizations rely on RDP for employee access. However, the protocol is continually being attacked, so the FBI recommends limiting access to resources, authenticating access attempts and monitoring logs.
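As an added illustration of the log-monitoring step (not from the FBI guidance or the original article), the following sketch flags repeated failed RDP logons, a success that follows them, and any RDP logon from outside an approved source range. The thresholds, the 10.20.0.0/24 range, the record layout and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions, not from the article: thresholds, subnet and record layout.
# 4625 = failed logon, 4624 = successful logon (Windows Security log).
# Logon type 10 is RemoteInteractive (RDP); with Network Level Authentication,
# failed RDP attempts are typically recorded as type 3.
ALLOWED_SOURCES = [ip_network("10.20.0.0/24")]  # hypothetical VPN/jump-host range
FAILURE_TYPES = {3, 10}
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=10)

def at(minute, second=0):
    """Timestamp helper for the constructed sample data."""
    return datetime(2024, 1, 15, 9, minute, second)

# Constructed sample records: (time, event_id, logon_type, source_ip, user)
SAMPLE_EVENTS = (
    [(at(0, 10 * i), 4625, 3, "203.0.113.7", "admin") for i in range(6)]
    + [(at(2), 4624, 10, "203.0.113.7", "admin"),
       (at(5), 4625, 10, "10.20.0.15", "jsmith"),
       (at(6), 4624, 10, "10.20.0.15", "jsmith"),
       (at(30), 4624, 10, "198.51.100.9", "svc_backup")]
)

def analyze(events):
    """Return a sorted list of (source_ip, finding) tuples."""
    recent_failures = defaultdict(deque)  # source_ip -> times of recent failures
    findings = set()
    for ts, event_id, logon_type, src, _user in sorted(events):
        fails = recent_failures[src]
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()  # forget failures older than the window
        if event_id == 4625 and logon_type in FAILURE_TYPES:
            fails.append(ts)
            if len(fails) >= FAIL_THRESHOLD:
                findings.add((src, "repeated_failures"))
        elif event_id == 4624 and logon_type == 10:
            if not any(ip_address(src) in net for net in ALLOWED_SOURCES):
                findings.add((src, "logon_from_unapproved_source"))
            if len(fails) >= FAIL_THRESHOLD:
                findings.add((src, "success_after_failures"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

A single mistyped password followed by a successful logon from the approved range, as in the `10.20.0.15` records, produces no finding.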

Implementing the FBI’s advice may seem overwhelming. The training and technological approaches specified here can be further enhanced with resources on combating ransomware from the Cybersecurity and Infrastructure Security Agency. These include a comprehensive Ransomware Guide, free scanning and testing services to identify and reduce exposure, malicious domain blocking and reporting services, and a security review to spot gaps using the National Institute of Standards and Technology framework.

