Read the book Cyber Mayday and the Day After - Daniel Lohrmann - Page 19

THE BATTLE CONTINUES


In 2021, adversaries upped their game with more sophisticated tactics and ambitious targets. As government organizations reeled from the impact of a global pandemic, the timing was ripe for another banner year for well-resourced cyber criminals and ransomware. One industry report, “The State of Ransomware in the US: Report and Statistics 2020,” noted that 2,354 local governments, healthcare facilities, and schools were impacted by ransomware attacks in 2020.[6] For cyber criminals, government organizations pose an attractive target because they are often resource-constrained and maintain lots of valuable information such as Social Security numbers, birth and medical records, and financial account details. When essential services to the public are disrupted, government agencies often face a tough decision – pay or try to restore their systems on their own.

On Christmas Day, 2020, the Albany (NY) International Airport was subject to a ransomware attack, and later paid a ransom to restore access to its data. The ransomware, attributed to a Russian threat actor, had spread to the airport's servers and backup servers from a managed service provider's systems. While the incident reportedly did not impact airport operations, TSA or airline computers, or expose sensitive data, it illustrated the need for organizations to exercise vigilance in protecting against such attacks and to manage third-party/supply chain cyber risk exposure.

Some of the top takeaways from these New York State incidents include the importance of good cyber hygiene, due diligence, vigilance, and resilience. Several protections can dramatically reduce the likelihood that ransomware will impact your organization's operations: keeping systems patched and current; secure design and configurations; access management (strong identity verification, authentication, and tightly managed privileged accounts); security awareness training to help users recognize phishing emails and other forms of social engineering; continuous monitoring and detection capabilities; solid backup and recovery platforms that assure rapid restoration of critical systems; and other protections.
