Seven Steps to Mitigating Ransomware and Cybersecurity Attacks

by Suresh Geer

If COVID-19 hadn’t brought awareness to how vulnerable tribes are to disruptive events, the recent rash of ransomware attacks on several tribes and their business operations certainly has. According to the cybersecurity firm SonicWall’s 2021 report, ransomware attacks rose overall by 62% between 2019 and 2020 (and by 158% in North America alone), and are expected to continue rising this year.

Tribes can expect more threats as their prominence and success make them a more attractive target for the “usual suspect” countries from which many of the most notorious attacks originate. Tribes are now faced with an ultimatum – either invest in security measures that protect their networks and data, or face the wrath of cyber and ransom attacks. The question is not if they will be attacked but when – and will they be ready?

The following is an outline of steps tribes can take to mitigate these risks across government and business operations.

Multi-factor authentication (MFA), as part of an identity and access management solution, can help prevent some of the most common and successful cyberattacks by requiring attackers to present more than one set of credentials before gaining access to a tribe’s systems and data. MFA mitigates the risks of:

Phishing: Attackers send email carrying an urgent message that pressures the recipient into responding.

Spear phishing: Targets a small group of individuals with well-crafted, relevant, and believable messages to obtain user credentials.

Keyloggers: An email is sent with a link or embedded content that, when opened, installs a program/virus that captures every keystroke on the user’s computer, including sites visited, usernames, passwords, etc.

Credential stuffing: Hackers use stolen credentials to gain access to the accounts of users who reuse the same password across multiple accounts.

Brute force and reverse brute force attacks: A program generates candidate usernames and passwords and tries them against the login until one works.

Man-in-the-middle attacks: An unsuspecting user connects to a resource the attacker controls, such as a fake Wi-Fi hotspot, which captures the login credentials the user enters.

Employee cybersecurity training should cover the basics, such as not opening an email that contains misspellings, appears to be written in a different language, or comes from an unknown return address. For the training to be effective, it needs to be understood and repeated. That is especially critical in tribal organizations with high turnover rates, where keeping every employee trained is an ongoing effort. A successful training program also needs to be updated frequently to cover constantly evolving threats.

Penetration testing, otherwise known as ethical hacking or red team exercises, is a simulated attempt to compromise a tribe’s business processes and data in order to provide a comprehensive assessment of the security capability of its systems. These exercises highlight vulnerabilities and help you understand the risks and exposure you may be facing. Exercises may range from adding harmless malware via a USB key and creating simulated phishing emails to looking for missing updates and improper protection processes.

Implement real-time detection capabilities so you don’t learn about an attack weeks or months later. Attacks may go undetected by traditional endpoint protection tools such as firewalls and anti-virus software, since these are reactive measures developed to counter known threats. Real-time detection and monitoring tools go several steps further by using more proactive techniques – such as machine learning and behavioral analysis – to identify new or complex threats. These tools look for and identify applications that behave like ransomware and block external IP addresses outside of the U.S. that may pose a threat. As hackers invest time and resources to outwit sophisticated security measures, a corresponding investment in tribal information security systems needs to be made to counter these threats.
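As an added illustration of the behavioral-analysis approach described above (example code written for this article, not a tool the author or Wipfli uses), the following Python sketch flags a process whose file activity resembles ransomware: many files touched in a short window, renames that change the file extension, and high-entropy writes. The event format, process names and thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed file-activity events (not real telemetry). For writes, "data" is a
# sample of the bytes written; for renames, "new" is the new path.
BENIGN = [{"t": 1, "proc": "winword.exe", "action": "write",
           "path": "docs/report.docx", "data": b"Quarterly report, draft two. " * 4}]
SUSPECT = [{"t": 10 + i, "proc": "unsigned_app.exe", "action": "write",
            "path": f"docs/file{i}.xlsx", "data": bytes(range(256))} for i in range(6)]
SUSPECT += [{"t": 20 + i, "proc": "unsigned_app.exe", "action": "rename",
             "path": f"docs/file{i}.xlsx", "new": f"docs/file{i}.xlsx.locked"}
            for i in range(6)]
SAMPLE_EVENTS = BENIGN + SUSPECT

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed output sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extension(path: str) -> str:
    return path.rsplit(".", 1)[-1].lower() if "." in path else ""

def ransomware_signals(events, window_s=60, min_files=5,
                       entropy_threshold=7.0, rename_fraction=0.5):
    """Flag a process that, within window_s of its first event, touches at least
    min_files files and either mostly renames them to a new extension or writes
    high-entropy data. Returns {process: signal dict}; thresholds are assumptions."""
    by_proc = defaultdict(list)
    for e in events:
        by_proc[e["proc"]].append(e)
    report = {}
    for proc, evs in by_proc.items():
        evs.sort(key=lambda e: e["t"])
        window = [e for e in evs if e["t"] - evs[0]["t"] <= window_s]
        files = {e["path"] for e in window}
        renames = [e for e in window if e["action"] == "rename"]
        ext_changes = sum(extension(e["new"]) != extension(e["path"]) for e in renames)
        entropies = [shannon_entropy(e["data"]) for e in window if e["action"] == "write"]
        mean_entropy = sum(entropies) / len(entropies) if entropies else 0.0
        rename_ratio = ext_changes / len(renames) if renames else 0.0
        flagged = len(files) >= min_files and (
            rename_ratio >= rename_fraction or mean_entropy >= entropy_threshold)
        report[proc] = {"files": len(files), "ext_change_ratio": rename_ratio,
                        "mean_entropy": round(mean_entropy, 2), "flagged": flagged}
    return report
```

In a real deployment the verdict would feed an alert or an automatic process block rather than a dictionary, and the thresholds would be tuned against the organization's own baseline of normal file activity.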

Patch and update systems so hackers can’t exploit vulnerabilities in systems, applications and processes. Patches and updates fix code defects that have been identified over time. If a defect goes undetected, a system can remain vulnerable for years before it is patched. Having a member of your IT team monitor software and push out updates and patches is an integral part of your tribe’s security stance.

Cybersecurity insurance coverage should be included when tribal governments and their business entities are performing their annual insurance renewal process. Although premiums are increasing along with attacks, appropriate coverage is important so that tribes aren’t left in a vulnerable security posture with much to lose.

Test your backup and recovery capabilities to avoid being extorted by a ransomware event. Some ransomware attacks look for backup files to encrypt, cutting off access to all data, including backups, until the ransom is paid. Tribes and tribal entities should have a proven backup and recovery process that includes air-gapped, immutable data protection. Air-gapped, immutable backups are offline copies of data that are always recoverable and secured. These backups cannot be altered or changed, and by keeping an archive of immutable backups you can guarantee recovery from a ransomware attack by finding and restoring the last clean backup.
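To make the recovery step concrete, here is an added example (written for this article, not any product’s code) of the verify-then-select logic a recovery drill should run against an immutable backup catalog: it skips snapshots taken after the compromise, rejects any whose contents no longer match the digest recorded when they were written, and returns the newest one that passes. Snapshot names, timestamps and contents are constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    """One entry in a write-once backup catalog (constructed stand-in)."""
    snapshot_id: str
    taken_at: int          # epoch seconds
    catalog_sha256: str    # digest recorded in the immutable catalog at write time
    payload: bytes         # stand-in for the backup contents

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_snapshot(snapshot_id: str, taken_at: int, payload: bytes) -> Snapshot:
    return Snapshot(snapshot_id, taken_at, sha256_hex(payload), payload)

# Constructed nightly series; the compromise is assumed to start at t=400.
CLEAN = b"ledger: accounts receivable, version "
ENCRYPTED = bytes([0x8b, 0x2f, 0x00, 0xd1, 0x7a, 0x44])   # stands in for ciphertext
SNAPSHOTS = [
    make_snapshot("night-1", 100, CLEAN + b"1"),
    make_snapshot("night-2", 200, CLEAN + b"2"),
    make_snapshot("night-3", 300, CLEAN + b"3"),
    make_snapshot("night-4", 500, ENCRYPTED),           # taken after the compromise
]
# Simulate a copy of night-3 whose stored bytes were altered after the catalog
# entry was written: its digest no longer matches, so it must not be restored.
SNAPSHOTS[2] = Snapshot("night-3", 300, SNAPSHOTS[2].catalog_sha256, CLEAN + b"3-altered")

def verify(snap: Snapshot) -> bool:
    """True when the stored contents still match the catalog digest."""
    return sha256_hex(snap.payload) == snap.catalog_sha256

def last_clean_backup(snapshots, compromise_time: int):
    """Newest pre-compromise snapshot whose contents still verify, or None."""
    for snap in sorted(snapshots, key=lambda s: s.taken_at, reverse=True):
        if snap.taken_at >= compromise_time:
            continue   # may already hold encrypted or attacker-modified data
        if not verify(snap):
            continue   # tampered or corrupt; an immutable store should never hit this
        return snap
    return None

def restore_drill(snapshots, compromise_time: int, expected_marker: bytes) -> bool:
    """Periodic recovery test: restore the chosen snapshot and check for known data."""
    snap = last_clean_backup(snapshots, compromise_time)
    return snap is not None and expected_marker in snap.payload
```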

As the past has shown us, no single cyber solution is 100% foolproof, but mitigating the risk by employing the above steps goes a long way toward advancing a tribe’s security posture.

Suresh Geer is Industry Leader and Director of the Organizational Performance, Tribal Practice at Wipfli. He can be reached by calling (404) 420-5695 or email [email protected].