The public sector is extremely vulnerable to data breaches, experiencing more cyber incidents than any other industry.
Earlier this month, the Flagstaff Unified School District (FUSD) shut down its schools to combat a ransomware attack.
The same day the district was shut down, the National Cybersecurity and Infrastructure Security Agency (CISA) said it had observed an increase in ransomware attacks across the nation, encouraging all organizations to check their security.
John Zanni, CEO of Acronis SCS, a software company dedicated to providing secure cyber protection services to the United States public sector, said these attacks are not going to stop anytime soon.
“These attacks will continue,” Zanni said. “They need to be protected, whether their system is new or old.”
So how can the public sector protect itself from cyberattacks?
First is understanding exactly what a cyberattack is.
There are a lot of different cyberattacks including:
- Malware — this is when a malicious software, including spyware, ransomware, viruses and worms, breaches a network through a vulnerability. The attack usually happens after a user clicks on a dangerous link or installs risk software.
- Phishing — this when a hacker sends fraudulent communications that seem to be from a reputable source, usually through email. The goal is to steal sensitive information such as credit card numbers and usernames and passwords or to install malware on the computer.
- Man-in-the-middle (MitM) — this is also known as “eavesdropping attacks” these happen when a hacker inserts themselves into a two-party transaction so they can filter and steal data. This usually happens when you use an unsecured Wi-Fi or after malware has been installed on the device.
- Denial-of-service — this is an attack that floods systems, servers or networks with traffic in order to exhaust resources and bandwidths. This can result in the system being unable to fulfill legitimate requests.
- Structured Query Language (SQL) — this is when an attacker puts malicious code into a server that uses SQL forcing it to reveal information it normally would not.
- Zero-day Exploit — this is when an attack hits the network after a vulnerability is announced but before a solution is implemented.
FUSD experienced a ransomware attack where the hacker demanded payment in bitcoin in exchange for the data, according to district officials.
According to Zanni, hackers usually attack schools for money and fame, plus they are more vulnerable. If they wanted information, that’s when they would attack other public entities such as government departments.
“There’s lots of schools so it’s a volume play. You might not make $5 million, but you make $80,000 here, $80,000 there, $100,000 there and it adds up and it’s easier,” he said. “The second thing is you get the publicity. These guys, a lot of them, they want the world to know they’re causing this disruption. That’s why the public sector, including schools, become a target is because it becomes a media sensation and they love that.”
Next is finding a good anti-ransomware solution. Acronis SCS offers one that has a backup component so if something does happen you can easily recover that content, but there are other protection software such as Bitdefender, ZoneAlarm, Symantec and more.
“The next piece is really to have a good anti-ransomware solution — like the one we provide — so that it can catch these attacks when they happen,” Zanni said. “That’s a really important component, they’re not expensive, they’re fairly easy to install.”
Zanni also recommends creating segmented networks.
“Segmenting your networks so that you isolate more critical systems, that’s something the IT department can control,” he said. “Sometimes it’s a little costly but it’s a good practice. For example, within our own company, we have four separate networks. One for our developers that have our most sensitive code, one for devices that are owned by the company, one for employee devices like mobile phone and then one for guests. So that way if a guest comes in and compromises the system, it only gets through the guest network which has no access to our internal systems.”
Bust lastly is always making sure the organization keeps their systems up to date.
“They need to be protected, whether their system is new or old. The other thing is they should challenge their IT guys or their consultants that are doing the implementation for them with the type of tool they’re using,” Zanni said. “They need to be diligent and have the companies prove that the solution they say they have, they actually have.”
“The only way you can really protect yourself is to have a really modern anti-ransomware solution that uses different capabilities mostly based on artificial intelligence to catch all of these attacks,” he said.