Best practices for public sector organisations to avoid and quickly recover from cyber and ransomware attacks
In its 2022 annual review, the National Cyber Security Centre (NCSC) advised that over the past 12 months, businesses and organisations in the UK reported hundreds of cyber incidents, many of which were ransomware attacks. In 2021 there was a joint advisory from the NCSC and its international partners on this increased global threat. Fast forward to this year, and while the number of attacks may be down overall, the threat remains serious – especially for public sector organisations which can be open to many more threat vectors due to their size, the number of users and internet-connected devices. Compounding that threat is the fact that ransomware attacks continue to evolve.
Data storage can play an important role in facilitating a rapid recovery from a ransomware attack
Unfortunately, despite the best efforts of cybersecurity teams, it can be exceptionally difficult to keep determined attackers out. For this reason, it’s imperative that public sector organisations have a strategy for mitigating the impact of cyber and ransomware attacks. This should form part of their cybersecurity preparedness plans – the first stage of recovery when all else has failed. Data storage can play an important role in facilitating a rapid recovery from a ransomware attack – a fact that is becoming more well-known.
Five main considerations for public sector organisations looking to implement cybersecurity best practices
Implement an active threat and vulnerability management program
- Before an attack, adversaries are doing their homework: learning about your organisation to understand the size and scope of their opportunity. They will often try to discover cybersecurity insurance limits, your organisation’s critical operations, and where and to whom services are provided, all to understand where an attack can do the worst damage.
- Armed with that information, the attackers can plot a course to force a ransom payment. That’s why it’s critical that organisations do their homework too. Stay current on cyber events disrupting different geographies, industries, and groups, and stay informed on the attacks most likely to impact your operation. Armed with that background, it’s possible to prepare internal or external cyber threat management teams and educate employees about what to look out for and how to navigate issues.
Focus on security attacks before they happen
- With any security event, there’s a before, a during, and an after. To cushion and/or prevent the blow of the latter two, it’s vital to understand and be prepared for the events leading up to an attack. To proactively bolster your defences and quickly respond to an attack, consider the following: ensure good systems hygiene using a well-defined, active patch management program, use multi-factor authentication and admin credential vaulting, provide consistent logging across environments, and implement a fast analytics platform for log data to help run fast searches and event correlation to identify signs of potential threat actors in your environment before they strike.
Attacks are getting more complex: enhance the protection of data
- When it comes to cybersecurity, attack prevention is only half the battle. Data protection strategies can’t just cover the before an event, they must provide contingencies for recovery after an event as well. Implementing a multi-tier data protection and resiliency architecture is an excellent way to build resilience and durability into a recovery strategy. Tiered backup architectures use different logical and geographic locations to meet diverse backup and recovery needs. They also help to ensure that the appropriate recovery time objectives are met by offering a host of features that help the organisation get back up and running as quickly as possible after an attack has taken place.
Treat public sector data as a first-class citizen
- Why aren’t we working harder to keep data safe if data is so valuable? Apparently, we’re making strides towards getting better at it. As IDC notes, “By 2024, due to an explosion of edge data, 65% of the Forbes G2000 index (an annual ranking of the top 2000 public companies worldwide) will embed edge-first data stewardship, security, and network practices into data protection plans to integrate edge data into relevant processes.” Data security is equally relevant to public sector organisations, who increasingly rely on it to design and deliver new public services that can improve people’s lives. The recently published UK Government Cyber Security Strategy – building a cyber resilient public sector has set out a clear goal “for government’s critical functions to be significantly hardened to cyber-attack by 2025, with all government organisations across the whole public sector being resilient to known vulnerabilities and attack methods no later than 2030”.
Consider ‘snapshots’ as a means of defeating ransomware attacks
- Restoring data as soon as an attack has been detected for public and private sector organisations is the key to recovering quickly from a ransomware attack. This means using ‘snapshots’ and backups for the ability to restore from them quickly.
- Snapshots provide a record of the system state and data and are taken at frequent intervals, allowing an organisation to restore to a previous configuration with a high degree of granularity. Snapshots are designed to be taken with minimal impact on production systems. Data can usually be restored from snapshots quickly, while organisations can typically keep snapshots dating back around two months.
Cutting-edge data storage software can create an immutable snapshot to protect an organisation’s data – one that can’t be deleted, modified or encrypted by ransomware. In the event of an attack, even though an intruder can still gain access to an organisation’s encrypted data, they can’t delete data snapshots as they’re locked and protected. The end result is no or minimal disruption and the ability to recover without paying a ransom.
Resilience and agility are the keys to public sector cyber defence
The need for constant re-evaluation of cyber security
The constantly evolving nature of cyber-attacks and demands means that organisations continually re-evaluate their security approach and tooling. It’s essential that public sector organisations double down on building resilience and agility across their function – not only for data but for the business overall. By future-proofing critical IT infrastructure and implementing a modern data protection strategy with effective processes to safeguard application data, organisations can create a meaningful approach to backup and recovery.
This piece was written and provided by Shaun Collings, UK public sector manager, Pure Storage