
Five cybersecurity ‘quick wins’ for the public sector

Discover five ways in which the public sector can optimise cybersecurity. A discussion by Hyve co-founder and director, Jake Madders.

Originally Published by Tech Native

The public sector suffered 236 million ransomware attacks in the first half of 2022, according to SecurityScorecard.

This figure can – and likely will – double in 2023. And that’s only ransomware. It doesn’t include all state-sponsored attacks, phishing, credential thefts, or DDoS attacks. Clearly, the age of data has caused an explosion of cybercrime and cyber warfare, resulting in an unrelenting assault on the public sector. From government bodies to the military, from education to healthcare, nobody is safe. But there is hope.

The public sector can protect its critical data and operations in several ways. Not completely, of course, but a stitch in time saves nine. Here are five steps we can take to lower the likelihood of breaches.

Step one: Updates and maintenance

A poorly maintained house is easier to rob. In the same way, outdated and unpatched systems are open invitations for hackers. IT infrastructure and applications must be kept up to date as part of regular maintenance habits, including software and tool updates and timely patching.

Step two: WAF (web application firewalls) and firewalls

Firewalls and WAFs are both essential security measures that can help protect networks from unauthorised access and cyber threats. While firewalls can block access points, WAFs take security a step further by actively inspecting traffic and detecting known threats. By monitoring access to open ports, WAFs act as a second line of defence against potential attacks.

A simple way to explain this is that WAFs can be thought of as open windows and doors, as they are designed to monitor and filter incoming and outgoing traffic. They act as a security measure, inspecting and analysing data packets, allowing legitimate traffic to pass through while blocking any malicious activity.

On the other hand, firewalls can be considered closed, locked windows and doors because they primarily focus on creating a barrier between internal networks and external networks. Firewalls block unauthorised access to a system by enforcing a set of predefined rules that determine which incoming and outgoing traffic is allowed or denied.
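The layering described in step two, as an added example (not code from the article or from Hyve): the firewall decides on source address and port alone, while the WAF inspects the content of requests the firewall has already let through. The policy, signatures and sample requests are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Constructed firewall policy: (source network, destination port) pairs that are allowed.
FIREWALL_ALLOW = [
    (ipaddress.ip_network("0.0.0.0/0"), 443),   # HTTPS from anywhere
    (ipaddress.ip_network("10.0.0.0/8"), 22),   # SSH from the internal range only
]

# Constructed WAF signatures; production rule sets are far larger and more careful.
WAF_SIGNATURES = {
    "sql-injection": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
    "script-injection": re.compile(r"<script\b", re.IGNORECASE),
}

def firewall_allows(src_ip, dst_port):
    """Network-level decision: only addresses and ports are considered."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net and dst_port == port for net, port in FIREWALL_ALLOW)

def waf_findings(path_and_query, body=""):
    """Application-level decision: inspect the decoded HTTP request content."""
    text = unquote_plus(path_and_query) + "\n" + unquote_plus(body)
    return [name for name, rx in WAF_SIGNATURES.items() if rx.search(text)]

def decide(src_ip, dst_port, path_and_query, body=""):
    """Apply the firewall first, then the WAF, and report which layer acted."""
    if not firewall_allows(src_ip, dst_port):
        return "DROP (firewall)"
    hits = waf_findings(path_and_query, body)
    if hits:
        return "BLOCK (waf: " + ", ".join(hits) + ")"
    return "ALLOW"

if __name__ == "__main__":
    # Constructed requests: closed port, ordinary search, search carrying a SQL tautology.
    print(decide("203.0.113.9", 22, "/"))
    print(decide("203.0.113.9", 443, "/search?q=council+tax"))
    print(decide("203.0.113.9", 443, "/search?q=1%27+OR+%271%27%3D%271"))
```

The third request reaches the WAF only because the firewall rule for port 443 lets it in, which is why the two controls complement rather than replace each other.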

Step three: Intrusion Prevention Systems (IPS)

Intrusion Prevention Systems (IPS) are a vital security measure that can detect and prevent threats and vulnerabilities at the traffic flow level. When paired with a hosting provider, IPS can help safeguard against a range of cyber attacks, including ransomware, malware, denial-of-service (DoS) attacks, and other types of malicious traffic. With advanced threat detection capabilities, IPS can quickly identify and mitigate potential attacks before they have a chance to cause serious damage to your network or systems. It can also provide real-time protection against both known and emerging threats, meaning IPS offers valuable peace of mind and enhanced security for any business operating in today’s complex and ever-evolving threat landscape.

Step four: Encryption

Encryption is a powerful tool that is widely used to protect sensitive data. One of the primary benefits of encryption is that it can be used to encrypt data at rest, which means that the data is protected while it is stored on a device or server. Encryption transforms the data into an unreadable format, which can only be decrypted using a specific key. By rendering data unreadable without a specific key, encryption thwarts unauthorised access, leaving cybercriminals with no viable means of stealing sensitive information.

Although encryption is a great way to keep data safe, if the encryption key is lost or stolen, it can be nearly impossible to access the data again. This can be particularly problematic in cases of ransomware attacks, where cybercriminals use encryption to lock victims out of their own data, and then demand payment in exchange for the encryption key.

Organisations should take steps to ensure that they have robust encryption key management practices in place and should be prepared to respond quickly in the event of a ransomware attack or other security incident.

Step five: Immutable Backups

Immutable backups offer a powerful defence against ransomware attacks by providing a “write once, read many” (WORM) approach. Once data is written to these backups, it cannot be modified or deleted, ensuring that it remains intact and protected from unauthorised changes or cyber-attacks.

So, by enabling organisations to quickly restore their systems to their pre-attack state, immutable backups provide a reliable way to recover from ransomware attacks. This means that businesses can ensure that their critical data is protected against ransomware attacks, and they can recover quickly from any security incidents that may occur.
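The write-once, read-many behaviour described in step five, modelled in memory as an added example (not code from the article or from Hyve). The class and function names, the retention period and the sample backup are assumptions; in production the storage layer enforces these rules, not application code.

```python
import hashlib

class WormViolation(Exception):
    """Raised when a caller tries to change or remove a retained backup."""

class WormStore:
    """In-memory model of WORM retention: write once, read many."""

    def __init__(self):
        self._objects = {}  # name -> (data, sha256 hex digest, retain_until)

    def write(self, name, data, now, retain_for):
        # A name can be written exactly once; any later write is refused.
        if name in self._objects:
            raise WormViolation(f"{name}: already written, overwrite refused")
        digest = hashlib.sha256(data).hexdigest()
        self._objects[name] = (bytes(data), digest, now + retain_for)

    def delete(self, name, now):
        # Deletion is only possible once the retention period has passed.
        retain_until = self._objects[name][2]
        if now < retain_until:
            raise WormViolation(f"{name}: retained until t={retain_until}")
        del self._objects[name]

    def read(self, name):
        # Restore path: verify the digest recorded at write time before use.
        data, digest, _ = self._objects[name]
        if hashlib.sha256(data).hexdigest() != digest:
            raise WormViolation(f"{name}: digest mismatch, do not restore")
        return data

def attempt_tampering(store, names, now):
    """Try to overwrite and delete each backup; return the refused operations."""
    refused = []
    for name in names:
        for op, call in (
            ("overwrite", lambda: store.write(name, b"ENCRYPTED", now, 0)),
            ("delete", lambda: store.delete(name, now)),
        ):
            try:
                call()
            except WormViolation:
                refused.append((name, op))
    return refused
```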

So what’s the conclusion?

For one, the public sector can no longer ignore its cybersecurity posture. Cybercrime and cyber warfare have grown to a point where the public sector must ensure its services stay secure and operational for everyone’s sake (even, ironically, for the hackers). And while that may seem daunting with a shrinking budget in an unstable political landscape, there are several cost-effective solutions – and taking just one of the five steps above can go a long way.
