Ransomware attacks are on the rise and adversaries are developing more sophisticated cyberattacks, but Federal cyber experts agree that “the vast majority” of ransomware attacks active today can be prevented by good basic cyber hygiene practices.
Matthew Swenson, chief of the Department of Homeland Security’s (DHS) Cyber Crime Unit at Homeland Security Investigations (HSI), stressed during an August 19 GovernmentCIO webinar that although ransomware actors are getting “more sophisticated” with their methodologies, basic cyber hygiene is still the answer to preventing these types of attacks.
Ransomware actors now have the “ability to move laterally,” but the attacks are not usually a “crazy exotic-type attack,” according to Swenson.
“If you look at the most major ransomware attacks that have occurred, basic cyber hygiene could have prevented the vast majority of them, so, killing their ability to move laterally,” Swenson said. “Heavy network segmentation, network security monitoring, zero trust models, multi-factor authentication, all those types of things.”
“I think you start from the basic cyber hygiene, work your way up, and as you start to prevent just those basic things and get more and more secure, I think you do end up preventing the vast majority of these types of attacks,” he added.
NASA has also focused on basic cyber hygiene exercises, such as protecting email, according to Mike Witt, associate CIO for cybersecurity and privacy at NASA.
“We put a lot of protective capabilities in place, especially around our email, because that is probably the most specific threat vector that’s being attacked these days with ransomware,” Witt said. “We’ve been very aggressive on what email we allow to come into our network, but we’ve also done the vice versa. We’re also aggressive on what email we actually allow out of our network from that standpoint.”
NASA has also done cyber training and education with its employees to ensure that every employee recognizes a cyber threat, according to Witt.
“If something slips in, it really comes down to the users to recognize, you know, not to click on something from that perspective,” he said.
The Department of Defense is also focused on stopping ransomware actors’ lateral movement, according to Lance Cleghorn, digital services expert at the Defense Digital Service.
For example, Cleghorn said his agency is focused on “limiting user permission, so the ransomware can’t actually encrypt network storage, or backing up network storage and not allowing access to the backups to anything other than service accounts.”
“We’ve seen a lot of the ransomware has been drive-by downloads and sort of not extremely targeted when it comes to DoD, so that’s really been our saving grace,” he added.
Going forward, Swenson said his agency has changed its mindset from trying to help agencies whose networks are already compromised to helping agencies prevent ransomware attacks before they occur.
That basic cyber hygiene will be key in preventing future ransomware attacks, and Swenson said his agency can “do the most good” if it can notify agencies “before these attacks occur.”