How to prepare for ransomware attacks

Cybehave has a semi-monthly newsletter that we send out to interested people. The newsletter is in Norwegian but published through Google Docs, which has built-in translation. This month we focus on ransomware, following the recent incidents in several US cities.

Threatpost story.

The Cybehave security letter:

Our security note announcement on Twitter

Summary: ransomware in public sector an increasing threat?

A municipality is considering threats to processing applications for building permits. They have come to the conclusion that the risk contribution from different threat vectors looks like this: 

The analysis is carried out using Cybehave's RiskTool. They have also broken down the risk picture for some classes of input variables that are necessary in case processing:

Based on this analysis, the municipality chooses to secure its core tools first and then put extra focus on case managers. With the help of action planning in RiskTool, the municipality gets help in choosing good security measures for its core systems.

The action plan includes: 

  • Get an overview of all systems used in the workflow and assign ownership of each. This is an important part of good security management and the foundation for ensuring that the systems are up to date, that the right people have access (and unauthorized people do not), and that someone actually follows up that things are working properly.
  • Introduce two-factor authentication. This means that, in addition to user name and password, you must enter an extra code as in BankID or approve the login via an app on your phone. This prevents an attacker who has stolen or guessed a password from gaining access.
  • Introduce structured data backup, which includes logging and recovery testing. This means that if you have data loss, for example due to cryptovirus, the data can be restored without undue loss of data or time. You also don’t have to pay criminals to get your data back – money that would have gone to further criminal activity such as human trafficking, drug crime or further cybercrime.

One month after the security assessment, these measures are in place – and the municipality can be quite confident that they will not suffer the same fate as the cities in the United States that were exposed to ransomware.


You can read more about RiskTool here.
