• United States




Preventing ransomware attacks the right way

May 17, 20184 mins
CybercrimeData and Information SecurityHacking

Ransomware attacks continue to be a major threat with no sign of slowing down. Here are some lessons organizations can learn from federal agencies to better prevent them.

While ransomware is hardly a new threat, it’s far from being obsolete. In fact, from 2016 to 2017, ransomware attacks increased more than 90 percent. And yet, despite the ever-increasing risk, we still encounter hospitals, local governments, public safety organizations and private companies that lack the proper defenses against this costly and increasingly prevalent attack.

Federal agencies, on the other hand, have suffered much less impact from ransomware and similar attacks. Here are a few ways that federal agencies are finding and abating ransomware attacks through a hierarchical, determined approach to IT. 

The upside of bureaucracy      

Federal agencies’ diligent approach to job jurisdiction and administrative access has helped to fortify their networks against the threat of a wide-spread ransomware crisis.

Federal agencies depend on their human resources departments. From comprehensive background checks, to complex onboarding processes, they ensure everything is buttoned up and in its place. This includes restrictive access to administrative privileges. They stay purposefully tightfisted with credentials, making exceptions only in very rare cases. In this way, they maintain a broad view of which endpoints have permission to reach critical systems; this tactic is instrumental in isolating potential threats and minimizing their impact. 

While other organizations may never need federal levels of red tape, they can certainly afford to follow the lead when it comes to network privileges. Providing admin credentials to too many employees or without proper oversight is a sure way to lose track of who can access your network and which parts, rendering the whole system vulnerable should a ransomware attack occur. If other organizations stopped making exceptions today, and instead began finding and revoking stray access on their network, they could significantly decrease their risk of infection.

The redundant backup

The government cannot afford to take data protection lightly. The information in their hands directly affects the lives of millions of citizens, and it’s their responsibility to ensure it remains safe from malicious actors.

How do they accomplish that? By backing up their data often and without compromise. They analyze risk tolerance for different data sets, and store what they can in the cloud. They take routine snapshots of their data and store redundant versions on premises. And, perhaps most importantly, they ensure that no mission-critical files are stored exclusively on singular end-points.

Organizations often fall into complacency when it comes to data storage on personal devices. They use simple, inconsistent backups, if any at all.  They may use cloud storage for most of their data, but most have no real policy protocol in place. Many end up with dangerous amounts of data stored on laptops, backed up nowhere—data that may be valuable enough to warrant paying a ransom for if the need ever arose.

When organizations implement solid data backups, the threat of ransomware significantly decreases. Even if the organization should fall victim to ransomware, the attacker would have no leverage since everything would be ready for uploading to any other device. Federal agencies’ nature necessitates redundant backups, but businesses everywhere could benefit from them too.

Defense in depth

Above all, creating a stronger security posture, especially against ransomware, is layered protection. The federal government knows this and actively puts it into practice, which helps keep sensitive data and systems out of reach for malicious actors.

Other organizations should follow suit. While anti-malware and strong firewalls can help, these are only part of the equation. As threats grow increasingly advanced, individual solutions no longer suffice. There is no silver bullet. But there are myriad smaller steps that, when done in concert with one another, will enhance security.

For example, federal agencies regularly make use of two-factor authentication. This ensures that, even if credentials are compromised, there’s another layer standing between the virus and the object of attack. The government also leverages encryption, which is a straight-forward but incredibly effective way to secure sensitive information. They also carefully limit their endpoints to only the most essential, knowing that vulnerabilities often arise in unexpected places.

Every step counts

For federal agencies, the stakes are too high. They can’t wait until disaster strikes. Instead, they need to prevent it up front, even with tight budgets and limited resources.

By stacking security measures, organizations can learn a lot from the public sector about how to make a drastic, positive impact on their own security posture. It’s much better to have a strong, multi-tiered foundation, than to assume any single software solution will do the trick. With every extra layer, the potential for disaster is dramatically reduced.


Greg Kushto is the Vice President of Sales Engineering and Director of Security and Enterprise networking at Force 3. He advises federal technology buyers on the solutions that best fit their security needs. He previously was the Security Architect for the Agriculture Security Operations Center within the U.S. Department of Agriculture.

Greg also served as the Lead Security Architect at SafeNet, Inc and prior to that, he was Vice President of Security Architecture and Assessment for Citigroup.

The opinions expressed in this blog are those of Greg Kushto and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.