Local governments and school districts are falling victim to ransomware attacks with alarming frequency and devastating consequences. At any organization, having tools in place to improve cyber resilience is a necessity, especially as hackers get more sophisticated every day.
We recently welcomed almost 50 public sector professionals to our Yarmouth, Maine, office. Attendees from municipalities and school districts across Maine, New Hampshire, and Massachusetts gathered to learn about the cyber threat environment and processes that can be put into place to defend against and recover from a potential ransomware attack.
Here are the top five lessons learned at the event.
#1. Threat hunting can help you stop an incident before it becomes a breach.
Cybercriminals are extremely adept at obtaining access undetected. It’s common for an organization to be unaware of an intrusion for days, weeks, or even months. You can’t simply sit back and wait for an automated alert to let you know you’ve been breached. You need to actively seek out potentially malicious behavior on your network – searching for Advanced Persistent Threats (APTs) that evade existing security defenses.
Many IT and security teams are already stretched thin, so it can be difficult to effectively focus on hunting. Plus, it takes a highly trained professional to successfully hunt for threats and avoid the diminishing returns that come with going down rabbit holes. Threat hunters need to understand what they are reviewing and be able to read the context clues to piece an attack together.
As a result, many organizations are turning to Managed Detection and Response (MDR) services that utilize threat hunting techniques, like Tyler Detect, for a reliable and cost-effective solution. Partnering with the right MDR provider can allow a business to focus on its core competencies and still leverage all the cybersecurity advantages an in-house threat hunting team brings to the table for this critical functional responsibility.
Learn more in our Guide to Cyber Threat Hunting.
#2. Cybersecurity is not just about technology. It’s a culture you must develop.
Cybersecurity is an organization-wide function that must have top-down integration to ensure bottom-up participation. We meet this challenge by building a cybersecurity culture. A cybersecurity culture is one in which your organization’s mission continues with only minor interruption despite (almost) constant attempts to disrupt it.
While technology is an important piece of your overall mission for cybersecurity, it should not drive the conversation or be considered without including your people and your processes. You can spend money on expensive tools, but if they aren’t process-oriented or embedded in the cybersecurity culture of your organization, they will provide a false sense of security.
Build a cybersecurity culture in your organization so you can reduce risk and create a safer environment in which to fulfil the objectives of your business strategy.
#3. People are your first line of defense… and your weakest link. Train them well.
Your employees are an important first line of defense against a cyberattack. Unfortunately, they are also your weakest link. The most common attack vector is email – and many highly publicized breaches started with an unsuspecting person clicking on an email link.
Being aware is being prepared. Cybersecurity awareness training teaches your employees about the fundamentals of cybersecurity and the importance of data security. It can also help them recognize and respond appropriately to social-engineering attempts, like phishing and pretexting.
There are simple tricks that will make your employees cyber champions! Make cybersecurity awareness training part of your annual curriculum.
#4. If hit with ransomware, paying the ransom is not your only option.
A recent report states that only 17.1% of state and local government entities that had their files encrypted in a ransomware attack actually paid the ransom. And with good reason. It takes time to establish a bitcoin account with a legitimate exchange. Transferring funds greater than $10k can take several days to process. Plus, paying the ransom does not guarantee you will recover all your data. About 10% of your data becomes corrupt and cannot be recovered without backups.
There are a variety of controls you can put in place to defend against a ransomware attack. Here are a few examples:
- Segment your network to contain an infection by stopping the proliferation across your entire network. Segregate critical services with firewalls and workstations using built-in personal firewalls. If components of your network don’t need to interact or communicate, they shouldn’t be able to. Those that do should be permitted to interact via restricted channels, ports, or protocols. Make the business need your driver.
- Have a process that maintains current backups of all your important data. The backups should be “air-gapped” or stored on a locked-down VLAN that isn’t accessible from your network. Test the restore process frequently.
- Utilize a threat detection system, like Tyler Detect, for early detection and confirmation.
Taking a layered, defense-in-depth approach – one that includes people, process, and technology – can help you further along your path to cyber resiliency.
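To make the segmentation and backup-VLAN controls above concrete, here is an added example (not part of the original article and not Tyler's tooling) that audits flow records against a business-need allow-list with default deny. The segment names, address ranges, rules, and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed segments and address ranges, for illustration only.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "finance_app": ipaddress.ip_network("10.20.1.0/24"),
    "backup_vlan": ipaddress.ip_network("10.99.0.0/24"),
}

# Allow-list: (source segment, destination segment, protocol, port) -> business need.
# Anything not listed here is treated as denied.
ALLOWED = {
    ("workstations", "finance_app", "tcp", 443): "staff use the finance web app",
    ("finance_app", "backup_vlan", "tcp", 22): "nightly backup push over SSH",
}

def segment_of(ip):
    """Return the name of the segment containing ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def audit_flows(flows):
    """Return the flows that have no documented business need (default deny)."""
    violations = []
    for src, dst, proto, port in flows:
        key = (segment_of(src), segment_of(dst), proto.lower(), int(port))
        if key not in ALLOWED:
            violations.append((src, dst, proto, port, f"{key[0]} -> {key[1]}"))
    return violations

# Constructed flow records: (source IP, destination IP, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.17", "10.20.1.5", "tcp", 443),   # permitted: finance web app
    ("10.10.4.17", "10.10.7.30", "tcp", 445),  # workstation-to-workstation SMB
    ("10.10.4.17", "10.99.0.10", "tcp", 445),  # workstation reaching the backup VLAN
    ("10.20.1.5", "10.99.0.10", "tcp", 22),    # permitted: backup push
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("no business need on record:", v)
```

Each flagged flow is either a firewall rule to tighten or a business need to document and add to the allow-list.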
#5. Be prepared. No organization is immune to cyberattacks.
Most victims of breaches are not specifically targeted; they are an opportunity found through scanning research and reconnaissance efforts. Malicious actors are opportunistic. Much like a car thief looking for a car with unlocked doors, they scan for known vulnerabilities and use the same exploit over and over to break into networks.
It doesn’t matter if you’re a small town or major city. In April alone, there were 5 reported breaches in the public sector. And, most recently, Baltimore, Maryland, suffered a ransomware attack that will cost the city over $18 million.
Cybercrime is big business and a successful attack can be devastating. It’s imperative that your organization is prepared to detect and respond to a cyberattack.
Get the key steps to help your organization recover from a ransomware attack.
Download our Ransomware Incident Response Checklist.