Cybersecurity Roundup: Kaseya, Barracuda, Qualys, Arctic Wolf Networks
…a company’s network goes down, hackers also recognize that downtime is not an option for local governments who need to provide critical services to residents and businesses. State and local governments can also be hot spots of citizens’ personal information, making them prime targets for hackers.
CF: Are there ways local governments can protect themselves so they don’t have to pay a ransom when ransomware hits?
KL: First, create a proactive incident response plan. Government agencies should prepare an incident response plan that details the role of every individual in case of a breach. Organizations must also bridge gaps in coordination between employees and third-party vendors, if any, to enable proactive risk management.
Second, patch on time to reduce risks. The U.S. Department of Homeland Security (DHS) recently issued a new Binding Operational Directive (BOD 19-02) instructing government organizations to patch critical vulnerabilities within 15 days, and high severity vulnerabilities within 30 days. Patching on time helps reduce the attack surface and ensures vulnerabilities are mitigated quickly. Automating patch management is moving a step ahead. With tight budgets and limited manpower, government agencies can make sure that patches are not missed across the entire network with an automated patch management solution.
Third, have [and test] a proper business continuity and recovery plan. Government agencies need a solid backup and disaster recovery (BDR) plan. This is a critical requirement to protect against ransomware attacks, for example. A foolproof method of backing up data would be a combination of onsite and cloud backup, also known as hybrid cloud backup.
And finally, develop cybersecurity skills in the workforce. For government organizations to be fully prepared to tackle cyberthreats, IT directors should have a long-term vision which includes up-skilling their employees in areas of cybersecurity. With budget constraints always at the forefront of concerns, it might not be feasible to routinely train every member of the team. Instead, areas to focus on can be prioritized and worked upon to implement effective up-skilling.
CF: Can MSSPs and other cybersecurity providers be doing more to help local governments protect themselves from ransomware attacks? If so, how?
KL: The biggest thing MSPs, MSSPs and other cybersecurity providers can do to help local governments is focus on doing risk assessments, incident response and process creation. So often we are focused on developing and implementing a technology or product, but that technique alone has been demonstrated as ineffective. I liken it to getting a flu shot: It may protect you 65% of the time, but it is not 100% foolproof. Despite this, you should still absolutely get a flu shot.
You should also, in the case of this cyberattack, ensure you are using next-gen antivirus, doing cybersecurity training and phishing simulation, configuring end-user machines with least privilege, and disabling non-essential services like remote desktop protocol (RDP) from anywhere as used in this attack. That could have stopped this incident, but note that it won’t stop them all. Louisiana had a way to stop the spread and recover from backups. It is…