The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) released new recommendations to help state, local, and tribal governments safeguard against ransomware, and urged governments to take “immediate action” to prevent attacks.
“The recent ransomware attacks targeting systems across the country are the latest in a string of attacks affecting State and local government partners,” the organizations said in a statement. “The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries. Prevention is the most effective defense against ransomware.”
CISA, MS-ISAC, NGA, and NASCIO recommended that government entities, and the wider cybersecurity community, take three immediate steps to ensure “resilience against ransomware.”
- “Back-Up Your Systems – Now (and Daily)
Immediately and regularly back up all critical agency and system configuration information on a separate device and store the back-ups offline, verifying their integrity and restoration process. If recovering after an attack, restore a stronger system than you lost, fully patched and updated to the latest version.
- Reinforce Basic Cybersecurity Awareness and Education
Ransomware attacks often require the human element to succeed. Refresh employee training on recognizing cyber threats, phishing and suspicious links – the most common vectors for ransomware attacks. Remind employees of how to report incidents to appropriate IT staff in a timely manner, which should include out-of-band communication paths.
- Revisit and Refine Cyber Incident Response Plans
Agencies must have a clear plan to address attacks when they occur, including when internal capabilities are overwhelmed. Make sure response plans include how to request assistance from external cyber first responders, such as state agencies, CISA, and the MS-ISAC, in the event of an attack.”
As additional next steps, the groups said that, after implementing their recommendations, government entities should “refer to the ransomware best practices published by CISA, MS-ISAC, NGA, and NASCIO for additional steps to protect your organization.”
These recommendations come as numerous state and local governments across the country, including Louisiana, New York, Florida, and Georgia, have experienced ransomware attacks over the last few months.