Public sector must remain diligent as cloud and ransomware intersect

When a citizen interacts with a government agency, personal data is provided and stored.

This bureaucratic procedure creates the situation where ransomware attacks are threatening the exposure of both internal government agency data as well as citizen information.

Being the proprietor of citizen data – from motor vehicle records to photo identification documents – puts government agencies in a more precarious position than private companies.

The Australian Government has been embracing the cloud with no signs of slowing down.

Research findings provided by GlobalData forecasts that public cloud services, including SaaS, PaaS and IaaS will account for more than half of the market by 2025.

The work from home environment that the pandemic cultivated caused cloud capabilities and by extension, SaaS, to be a necessity for government and private industries.

Further, it is estimated that Australian enterprises will invest almost $20 billion on cloud computing in the next three years – a figure that is expected to increase in the future.

As we evolve how and where we store personal data, our adversaries too evolve the means in which they target it. And, because of this increase in personal information being stored on the cloud, bad actors are more frequently targeting cloud capabilities.

The recommendation to increase telework access for hybrid work leads to more reliance on cloud and SaaS, and the accompanying potential for cloud-targeted ransomware attacks.

According to the 2022 Veeam Data Protection Report, 99% of Australian organisations experienced unexpected system outages throughout the past 12 months.

It’s very essential for agencies using SaaS and cloud programs to back up their data.

A three step process for government agency resiliency

Cloud and SaaS capabilities will continue to be staples for federal agencies so how can the government make sure they protect and backup data to prevent ransomware attacks?

For government agencies to effectively protect cloud-hosted data and the associated web-based software, they need to know their opposition, implement a strong backup infrastructure, and deploy processes to deal with the aftermath of an attack.

Ransomware attacks tend to go after remote access methods like Remote Desktop Protocol (RDP), utilise phishing attacks or capitalise on system vulnerabilities.

By incorporating RDP backups, training employees about phishing and ensuring systems and software are always up-to-date, agencies can take a preventative stance against ransomware.

Because ransomware agents seek to block system access in exchange for payment, the best defense against these attacks is a strong backup infrastructure and data protection system.

Implementing multi-factor authentication for SaaS applications can strengthen data protection because it strengthens accessibility requirements.

While it goes without saying that data should always be backed up, it’s important that cloud-based data backups are stored on devices that aren’t connected to a network.

According to Veeam’s 2021 Cloud Trends Report, more than half of SaaS admins agree that data should be backed up to protect an agency against a cyber event.

And, while many government agencies already utilise data encryption, they should take that practice a step further by encrypting backups for an added layer of protection.

Unfortunately, no matter how well agencies are prepared, ransomware attacks are still likely to occur in the coming years. Therefore, it’s imperative that government is prepared to handle a successful attack and has the necessary processes in place.

For starters, government agencies should have an emergency contact list prepared that identifies who and how to contact the necessary Information Technology teams, employees and external resources in security, incident response and identity management.

Prompt response can help to ensure that the necessary data is more effectively recovered as well as aid in minimising the risks related to the data that has been lost.

If the data loss impacts citizens and their personally identifiable information, cross-agency collaboration can ensure the appropriate measures to protect those that are affected.

After a ransomware attack, rebuild and start again

Ideally government agencies won’t see an increase in ransomware attacks on cloud capabilities even as systems more frequently leverage them because of the uptick in remote work.

To remain vigilant, they should know their potential enemies, implement a strong backup infrastructure, and deploy processes to deal with the aftermath of an attack.

Gilberto Vega is the Chief Information Security Officer at Veeam Software