Skip to main content

Protecting government from cyberattacks and ransom demands

(Image credit: Image source: Shutterstock/Nicescene)

The fact that dangerous cyberattacks, and their consequences have been made increasingly public has increased the sensitivity of data security, not only among the general population, but especially at the targeted government institutions. A 2019 cybersecurity study found that even if disclosure of such attacks is required by law, some institutions have not publicly reported violations. This suggests that the actual number of attacks is likely to be far higher than previously estimated.

Ransomware attacks on governments are on the rise. In 2019 many national and local governments and authorities were the targets of cybercrime. The UK’s National Cyber Security Centre (NCSC) revealed that the UK government was the subject of over 600 cyber-attacks between 2018 and 2019. 

This is not just an issue limited to the national government - local authorities are affected too. Research from insurance broker Gallagher showed that over the first six months of 2019 UK councils experienced 263 million attacks, the equivalent of almost 800 every hour. The result of a successful attack can be a lack of productivity, financial issues and other operational deficiencies and crises for these organisations. 

Protection is prevention

It is time to act. But many are struggling to implement effective protection measures and do not prepare in advance to defend themselves. Indeed, research shows that only thirteen per cent of UK local authorities have cyber-insurance, meaning that the majority are unprepared for an attack. The reason? They have too little information about the attack scenarios of hackers and are lacking a solid strategy in place in the event of an attack.

According to a global study conducted by StorageCraft, while sixty-eight per cent of respondents believe they have a clear plan in place and could quickly recover from a ransomware attack, nearly a quarter (twenty-three per cent) do not test their recovery plans. Of those that do test, nearly half (forty-six per cent) only test their recovery plans once a year or less.

As is so often the case, the best form of protection is prevention. This means taking appropriate protective measures to stop a cyberattack before it even has a chance to infect computers. For example, government organisations that handle sensitive information should have powerful spam and high-quality firewalls to protect against malicious IP addresses.

More security can also be ensured by using up-to-date operating systems and introducing standard processes for attaching operating system patches and updates, as well as recognised anti-virus programmes. But what must be remembered is that it is not enough to simply install and implement these protection measures. Instead, it’s crucial that the measures must be continuously tested and optimised to ensure that the data remains protected.

Prepare employees to defend against cybercrime

Phishing attacks that attempt to steal personal data from an email recipient, in particular, remain a concern. Cyberattacks are unfortunately on the rise, as employee emails become more vulnerable to hackers. For example, malicious actors posing as HMRC have hit UK taxpayers with 1.5 million phishing scams over the past two years. Opening an email attachment of a supposedly harmless email can cause a virus to become active and spread throughout the entire system. triggering an attack.

To stop these types of attacks from occurring, education must be central to any prevention strategy. Employees should be made aware of how to protect their computers from a possible attack and how to identify a potentially dangerous email. Hackers constantly re-adjust their attack methods to overcome the latest security technology, so employees must be continuously informed and trained.

Introduce security solutions

The market has a wide variety of security solutions. They cover a wide range of areas, such as intercepting viruses, providing secure passwords, or controlling routes in and out of the cloud. Which of the solutions is appropriate for whom is dependent on the requirements of each individual. However, a holistic security strategy should be established before the introduction, on the basis of which the appropriate solutions are then acquired. Care should be taken to ensure that there is no patchwork, but an all-encompassing system that leaves no gaps open. The gaps are what hackers take advantage of and thrive on.

Reduce damage and downtime

It must be considered that even the most well thought out plans sometimes fail. If all preventive measures and safety systems fail, steps must be taken to ensure that the existing data is as secure as possible and can be reliably restored. This is the only way to ensure that, in the event of a cyberattack, minimal damage and downtime occur. This is especially important as infrastructures or public institutions offer elementary services and have sensitive, personal data that is highly protected.

The backup plan

StorageCraft research shows that forty-seven per cent of respondents foresee an inability to recover quickly enough in the event of a data outage, illustrating the need for a solid back up plan. In the event of an attack, disaster recovery plans should include certified and recognised backup and disaster recovery software. Local backup images may be sufficient to protect the data. However, since ransomware is able to encrypt backups, it is recommended to go a step further and replicate the backup images to a cloud system. This ensures that the files are still secure and easy to recover.

Don't pay under any circumstances

If a public institution is the target of a ransomware attack, it is important that they keep calm and don’t pay. The payment of a ransom encourages hackers to continue to launch attacks and signals to them how vulnerable an organisation is, which can increase the likelihood of further attacks in the future.   

Public administrations, authorities and institutions must be aware of cybercrime. They should continue to do their utmost to protect their systems and data and, in the event of a successful attack, ensure that the public is kept informed in a targeted and coordinated manner. It is essential to prevent hackers from using such attacks to unsettle the public and to shake confidence in existing social systems and structures.

Florian Malecki, International Product Marketing Senior Director, StorageCraft