October is Cybersecurity Awareness Month, and the theme for this year is “See Yourself in Cyber.” This personalized theme is designed to help us see our role not only in keeping our own systems and information secure, but also in recognizing how our actions can affect the systems we and others rely on each day. Part of this personal stake in cybersecurity means making sure each of us is educated on the various threats.
Ransomware, the practice of locking down systems and demanding money from system owners for restored access, is evolving. Today, ransomware attacks tend to be two-pronged. Not only are attackers asking to be paid to restore access to systems, they frequently demand a second (or larger) payment to ensure they will not release the data they gained access to during the takeover.
It is critical that as employees and citizens we understand how ransomware works, how the bad actors get access, and what can be done to block ransomware attacks.
- Size does not matter – While large-scale attacks like the Colonial Pipeline incident make headlines, ransomware actors are increasingly targeting smaller organizations with valuable data, leaner security staffs, and more lax policies. This includes K-12 schools, small hospital systems, and small town governments.
- Patching is key – The best way to prevent ransomware is to close all known vulnerabilities by ensuring systems and devices have the latest security patches. This means that at both the enterprise level and the employee device level, policies and enforcement must ensure that patches are applied as soon as they are available.
- Sharing is caring – A key element of the Cyber Security Executive Order is cooperation among government and the private sector to allow for better threat intelligence sharing. To support this, the Cyber Incident Reporting for Critical Infrastructure Act was signed into law in March 2022 requiring the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations for organizations to report cyber incidents and ransomware payments to CISA.
- Phishing as an entry point – Educating people on what a legitimate email communication looks like continues to be critical, as phishing is often a root cause of ransomware attacks. But the phishing threat goes beyond email, with hackers trying to gain access through legitimate-sounding voicemails or even text messages requesting passwords or other information.
- Beware of removable media – USB devices are another frequent entry point for ransomware. Employees need to be educated on these risks so that they never plug an unknown USB device into the computers they use to access enterprise networks.
Stopping ransomware starts with realizing that it’s not an IT problem. Ransomware enters systems through the actions of individuals. By learning about and following basic cyber hygiene, ransomware can be stopped in its tracks, enabling everyone to secure systems and important data.
As the founder of GovEvents and GovWhitePapers, Kerry is on a mission to help businesses interact with, evolve, and serve the government. With 25+ years of experience in the information technology and government industries, Kerry drives the overall strategy and oversees operations for both companies. She has also served in executive marketing roles at a number of government IT providers.