Security

How Government and Industry Can Work Together to Deter Cybercriminals

Better implementation of basic cybersecurity, user training and comprehensive backup solutions are needed to fight back against ransomware.

Earl Matthews

Earl Matthews is the president of Veeam Government Solutions. Prior to VGS, he held senior positions within the White House, the Defense Department and in the U.S. intelligence community. At the White House, he served as deputy assistant to the president and senior director for defense policy and strategy on the National Security Council.

Halfway through 2021, thousands of public and private sector organizations across the U.S. have already encountered high-stakes ransomware attacks. The frequency of such events, alongside the continued widespread need for remote work, has made data protection more important than ever. Cybercriminals have a pathway to an easy and profitable payday if these issues are not addressed.

The attacks the U.S. has endured this year have brought Americans’ daily lives to a halt. From attacking pipelines and disrupting gasoline supplies to halting meat production operations, cybercriminals know that many organizations will feel obligated to pay a ransom in order to keep their operations afloat. While the most high-profile recent attacks primarily targeted private organizations and government entities, academic institutions are also at risk.

The federal government has issued a wealth of guidance and is pushing numerous legislative efforts to protect itself and the private sector. Most recently, the National Institute of Standards and Technology introduced updated guidance on ransomware risk management. The Cybersecurity Framework Profile for Ransomware Risk Management NIST issued in June features advice on how to defend against malware, what to do in the event of a cyberattack and how to recover.

While the government takes action to defend against threats, it’s important for federal agencies to understand what’s needed to protect data from cybercriminals. If agencies and businesses want to successfully deter these criminals, the consistent application of cybersecurity best practices and the use of sustainable data protection strategies are key.

Best Practices to Prevent Ransomware

With the alarming regularity of ransomware, it is vital for agencies and businesses to implement and follow standard cybersecurity practices to prohibit these attacks from taking place.

Implementation and standardization of these practices begins with the basics, including the use of encryption, multifactor authentication and data backups. While these practices may seem obvious, consistent implementation can help prevent many attacks —ransomware and more.

Beyond this, public and private sector organizations alike must do a better job educating and informing users of their role in combating ransomware and other cyberthreats. The challenge has only been heightened by the increase in remote work and the resulting data mingling that’s become more common. Such mingling occurs when remote workers access data from their organizations on personal devices or complete personal tasks on their work laptops, both of which pose a major threat.

Agency employees’ use of personal devices for government work can create an easy pathway for cybercriminals to access mission-critical data. Employees must understand their role in protecting an organization’s data, whether they’re in an office or not.

Agencies Should Adopt the 3-2-1-1-0 Rule

Regardless of good employee education and cybersecurity practices, the risk of ransomware remains. For this reason, sustainable data protection and backup strategies are key. These strategies should be strictly followed and easy to remember.

One of the most straightforward strategies recommended for organizations is the 3-2-1-1-0 rule. Each number represents a different backup policy, and the use of this strategy can prepare organizations to recover if they’re hit by ransomware.

Using this strategy, a minimum of three copies of data should always be maintained. Keep in mind that’s a minimum of three; many agencies keep four or five copies of mission-critical data. These three copies should be stored on two different types of media.

It is recommended that one copy be stored offsite and that one copy is immutable or stored offline. These copies are important, as they ensure that even if a threat is prolonged or affects more than one building, there will still be both offsite and reliable air-gapped copies of the data.

The final number in the equation, the zero, represents that there should be zero surprises if a cybersecurity event were to occur. If an organization follows a strategy like the one defined here, it should ensure the recoverability of its data.

As ransomware attacks become more common, federal agencies must adopt best practices with modern data protection, including the right backup strategies and solutions. The sophistication of today’s attacks has made it necessary for organizations to utilize programs that can protect their physical, virtual and cloud data. These programs can help ensure that an organization’s data is protected in real time and can be quickly recovered in the event of a data breach.

Applying and reassessing these practices and strategies with updated agency guidance can help ensure that mission-critical data is continuously protected.

gorodenkoff/Getty Images