Rick Vanover, Veeam’s Senior Director of Product Strategy, recalls that digital technologies are widely used in public institutions and across all fields. He said public institutions are also facing the threat of ransomware.

“When a citizen interacts with a government agency, some of their personal information is often obtained and stored,” says Rick Vanover.

“This poses the threat of exposure of both corporate data and citizen information through ransomware attacks. Owning a lot of citizen data, from motor vehicle registrations to photo ID documents, puts government agencies in a more risky position than private companies. In a recently published Maximus study, 91 of US government employees surveyed said they “own all, most, or some of their cloud solutions and systems.” Today’s work-from-home environment, which arose with the pandemic, has led to the development of cloud capabilities and accordingly, SaaS has become a necessity for both the government and private sector. On the other hand, while the US federal government’s spending on cloud computing is estimated to exceed $6 billion in 2020, this figure is expected to increase in the future.

As we improve how and where we store personal data, our enemies are developing the tools they use to access it, and with the proliferation of personal information stored in the cloud, adversaries are targeting cloud features more often. The Office of Personnel Management’s recently released telecommuting guidance recommendation to extend the reach of telecommuting represents continued reliance on the cloud and SaaS, along with the potential for cloud-focused ransomware attacks. In addition, it is estimated that by 2025, 75 of IT organizations will experience at least one ransomware attack, making it more important than ever for organizations using SaaS and cloud programs to back up their data. .”

“How can government agencies be sure they are protecting and backing up data?”

Cloud and SaaS capabilities remain the main focus of government agencies, so how can government agencies ensure they protect and back them up to prevent ransomware attacks? Rick Vanover’s suggestion is as follows;

To effectively protect cloud-hosted data and related web-based software, government agencies need to know their enemies, implement strong backup infrastructure, and implement processes that make it easier to deal with the aftermath of an attack.

Ransomware attacks usually target remote access methods that are not built securely, exploit phishing attacks, or system vulnerabilities. That’s why organizations need to take preventive action against ransomware by implementing secure remote access, training employees in phishing, and ensuring that systems and software are always up-to-date. In addition, the best defense against these attacks is a strong backup infrastructure and data protection system, as ransomware agents try to block system access in exchange for payment.

Implementing multi-factor authentication for SaaS applications can strengthen data protection as it strengthens accessibility requirements. It goes without saying that data should always be backed up, but it is especially important to keep cloud-based data backups on devices that are not connected to a network. Veeam’s 2021 Cloud Trends Report also shows that more than half of SaaS executives agree that data must be backed up to protect an organization from a cyber incident. While many government agencies already use data encryption, they should take this practice a step further by encrypting backups for an extra layer of security.

Unfortunately, no matter how prepared institutions are, ransomware attacks can still happen in the years to come. It is therefore worth remembering that it is imperative that the state be prepared to handle a successful attack and set up the necessary processes.

To do this, government agencies must first establish an emergency contact list that specifies who and how to contact the IT teams, employees, and external resources needed for security, incident response, and identity management. A quick response can help minimize the risks of lost data and ensure that critical data is recovered more effectively. If data loss affects citizens and their personal information, interagency cooperation will also be possible to ensure that appropriate measures are taken to protect data subjects.

“Rebuild and reboot after ransomware attack”

Ideally, government agencies should not experience an increase in ransomware attacks on cloud capabilities, even as systems are more likely to come under pressure from the increase in remote working. Settings to be careful; they must take steps such as recognizing potential enemies, implementing strong backup infrastructure, and establishing processes to handle an attack.

Source: (BHA) – Beyaz News Agency