Ransomware has proven to be an unrelenting, volatile and evolving threat. Malicious actors continue to find new methods and new threat vectors for infiltrating government systems. Meanwhile, the ability of state and local agencies to improve their defenses remains hindered by outdated technology, a shortage of cyber experts and inadequate funding.
Despite all of that, agencies can take steps to prevent ransomware attacks. To learn more, GovLoop spoke with James Yeager, Vice President for Public Sector and Healthcare at CrowdStrike, which provides cybersecurity services and solutions. Yeager highlighted three methods that are key to ransomware protection.
In many cases, malicious actors get into a system by taking advantage of a known vulnerability that an agency has failed to address. An unpatched vulnerability is the cyber equivalent of leaving a window open or a door unlocked.
In part, the solution is better cyber hygiene, Yeager said. Agencies need to know what software is installed on their systems, which other systems those systems connect to, and what vulnerabilities exist across that mix.
But given the scope of the challenge, agencies also need to assess the risk associated with each system, and use patch prioritization and automation to ensure that the most critical systems are protected first.
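The approach Yeager describes, an inventory of installed software matched against known vulnerabilities and ranked by each system's risk, is straightforward to put into code. The following is an added example written for this article, not CrowdStrike's or GovLoop's code. The inventory, the vulnerability feed, the placeholder identifiers (VULN-A and so on, not real CVEs) and the scoring weights are all constructed for illustration; the point it demonstrates is that the same vulnerability can sit at the top of the list on one host and near the bottom on another once criticality, exposure and known exploitation are taken into account.

```python
"""Risk-based patch prioritization over a software inventory.

Added example, not CrowdStrike's or GovLoop's code. The inventory, the
vulnerability feed, the identifiers and the scoring weights below are
constructed for illustration; VULN-A/B/C are placeholders, not real CVEs.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """'2.4.51' -> (2, 4, 51) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Host:
    name: str
    criticality: int          # 1 (lab box) .. 5 (payroll, dispatch)
    internet_exposed: bool
    software: dict            # package -> installed version string


@dataclass(frozen=True)
class Vuln:
    vuln_id: str              # constructed placeholder, not a real CVE
    package: str
    fixed_in: str             # first version that carries the fix
    cvss: float
    exploited_in_wild: bool


# Constructed inventory: what is installed where, and how much each host matters.
INVENTORY = [
    Host("permits-web-01", 4, True,  {"webserver": "2.4.49", "runtime": "3.8.2"}),
    Host("hr-db-01",       5, False, {"dbms": "12.4", "runtime": "3.8.2"}),
    Host("kiosk-lobby",    1, False, {"webserver": "2.4.49"}),
    Host("gis-app-02",     3, True,  {"runtime": "3.9.1"}),
]

# Constructed vulnerability feed.
FEED = [
    Vuln("VULN-A", "webserver", "2.4.51", 9.8, True),
    Vuln("VULN-B", "runtime",   "3.8.5",  7.5, False),
    Vuln("VULN-C", "dbms",      "12.5",   8.1, False),
]


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """A host is affected when its installed version predates the fix."""
    return parse_version(installed) < parse_version(fixed_in)


def risk_score(host: Host, vuln: Vuln) -> float:
    """Weighting chosen for illustration: base CVSS scaled by asset criticality,
    doubled if the host is reachable from the internet, doubled again if the
    vulnerability is known to be exploited in the wild."""
    score = vuln.cvss * host.criticality
    if host.internet_exposed:
        score *= 2
    if vuln.exploited_in_wild:
        score *= 2
    return score


def prioritize(inventory, feed):
    """Return (host name, vuln id, score) tuples, highest risk first."""
    findings = []
    for host in inventory:
        for vuln in feed:
            installed = host.software.get(vuln.package)
            if installed is not None and is_vulnerable(installed, vuln.fixed_in):
                findings.append((host.name, vuln.vuln_id, risk_score(host, vuln)))
    findings.sort(key=lambda f: f[2], reverse=True)
    return findings


if __name__ == "__main__":
    for name, vid, score in prioritize(INVENTORY, FEED):
        print(f"{score:7.1f}  {name:16}  {vid}")
```

Run as-is, the internet-facing permits server with the actively exploited web server flaw lands at the top, the same flaw on the lobby kiosk lands at the bottom, and the GIS host does not appear at all because its runtime already carries the fix. The version parser matters more than it looks: comparing "2.4.9" and "2.4.51" as strings would mark the older version as patched.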
Adversaries are operating with tremendous speed these days, Yeager said. Cyber defenses that look for the signatures of known attacks will always be running behind. “To match the speed of defense with the speed of the attack, we need to be operating at machine-speed levels,” he said.
Machine learning uses operational data from across the network to detect anomalies and identify malicious intent without relying on signatures. But this method requires massive datasets and sophisticated data models, so most agencies will need to partner with cloud-based technology providers to make a machine learning-based approach feasible.
Indicators of Attack
How do you know that a ransomware attack is underway before it is too late? The problem is that malicious actors have gotten good at obfuscating their activity.
Often their attacks comprise a series of steps, each of which is seemingly innocuous. Yeager compares it to recognizing that a bank robbery is in process. The person walking around the building might be out for a stroll, or they might be “casing the joint.” The person entering the bank wearing a mask might have health concerns, or they might be hiding their identity, and so on.
“If interpreted on their own, they are not necessarily indicative of a potential breach,” Yeager said. “But when you stitch them together with a pattern of behavior, they begin to tell the story.”
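The stitching Yeager describes can be shown concretely. The following is an added example written for this article, not CrowdStrike's or GovLoop's detection logic. The endpoint telemetry records, the four stage definitions, the ten-minute window and the three-stage threshold are all constructed for illustration. Each stage on its own is something a help desk sees routinely (an administrator clearing shadow copies before a backup, a user bulk-renaming files); the detector only raises an alert when one host accumulates several stages, in order, inside the window.

```python
"""Correlating individually innocuous endpoint events into an attack chain.

Added example, not CrowdStrike's or GovLoop's code. The telemetry records,
stage definitions, window and threshold below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered stages of the chain: (description, predicate over one event).
# Every predicate matches behaviour that is routinely benign on its own.
STAGES = [
    ("office app spawned a shell",
     lambda e: e["type"] == "process_start"
               and e.get("parent") in {"winword.exe", "excel.exe"}
               and e.get("image") in {"powershell.exe", "cmd.exe"}),
    ("shell contacted an unseen external host",
     lambda e: e["type"] == "net_connect"
               and e.get("image") in {"powershell.exe", "cmd.exe"}
               and not e.get("dest_known", True)),
    ("shadow copies deleted",
     lambda e: e["type"] == "process_start"
               and e.get("image") == "vssadmin.exe"
               and "delete shadows" in e.get("cmdline", "")),
    ("burst of file renames",
     lambda e: e["type"] == "file_rename_burst" and e.get("count", 0) >= 500),
]
WINDOW = timedelta(minutes=10)   # constructed: how close together stages must be
MIN_STAGES = 3                   # constructed: how many stages before alerting


def correlate(events, window=WINDOW, min_stages=MIN_STAGES):
    """Return one alert per host whose stages occur in order inside `window`.

    The chain search is greedy: from each matching event it extends forward
    while stage indices strictly increase and the window is not exceeded."""
    per_host = defaultdict(list)           # host -> [(stage index, time)]
    for e in sorted(events, key=lambda e: e["ts"]):
        for idx, (_, match) in enumerate(STAGES):
            if match(e):
                per_host[e["host"]].append((idx, e["ts"]))

    alerts = []
    for host, hits in per_host.items():
        best = []
        for start in range(len(hits)):
            chain = [hits[start]]
            for hit in hits[start + 1:]:
                if hit[1] - chain[0][1] > window:
                    break
                if hit[0] > chain[-1][0]:
                    chain.append(hit)
            if len(chain) > len(best):
                best = chain
        if len(best) >= min_stages:
            alerts.append({"host": host,
                           "stages": [STAGES[i][0] for i, _ in best],
                           "first": best[0][1], "last": best[-1][1]})
    return alerts


def T(hhmm):
    """Timestamp helper for the constructed sample day."""
    return datetime(2024, 3, 4, *map(int, hhmm.split(":")))


# Constructed telemetry: three hosts, only one of which is under attack.
EVENTS = [
    # backup-srv: admin clears shadow copies before a backup job (stage 3 alone).
    {"host": "backup-srv", "ts": T("09:00"), "type": "process_start",
     "parent": "services.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    # clerk-pc-07: three stages, but spread over hours, so never inside the window.
    {"host": "clerk-pc-07", "ts": T("08:00"), "type": "process_start",
     "parent": "winword.exe", "image": "cmd.exe"},
    {"host": "clerk-pc-07", "ts": T("12:00"), "type": "process_start",
     "parent": "cmd.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all"},
    {"host": "clerk-pc-07", "ts": T("12:30"), "type": "file_rename_burst", "count": 800},
    # clerk-pc-12: the full chain inside nine minutes.
    {"host": "clerk-pc-12", "ts": T("10:02"), "type": "process_start",
     "parent": "winword.exe", "image": "powershell.exe"},
    {"host": "clerk-pc-12", "ts": T("10:03"), "type": "net_connect",
     "image": "powershell.exe", "dest_known": False},
    {"host": "clerk-pc-12", "ts": T("10:09"), "type": "process_start",
     "parent": "powershell.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"host": "clerk-pc-12", "ts": T("10:11"), "type": "file_rename_burst", "count": 2400},
]

if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(a["host"], a["first"].time(), "->", a["last"].time())
        for s in a["stages"]:
            print("   ", s)
```

Only clerk-pc-12 produces an alert, with all four stages. The backup server's shadow-copy deletion and the other clerk's scattered events match individual stages but never form a chain, which is the property the analogy is after: a signature on any one event would either miss the attack or drown the analyst in false positives, while the ordered sequence inside a time window tells the story.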
CrowdStrike recognizes that there’s no simple solution for ransomware. Instead, “it’s about having a committed, sustained and truly modern approach to the three fundamental aspects of a security program: people, process and technology,” said Yeager. “These three aspects must really work in concert if you want to tip the scales in your favor.”
As challenging as it sounds, cyber resilience is an achievable goal, he said. “It can be done, and frankly, it’s got to be done.”