Federal agencies need to rethink culture in the fight against ransomware


COMMENTARY | Focusing efforts on risk management isn't about checking boxes – it's about building and changing agency culture.

The federal government’s financial and operational stakes are at an all-time high. In its annual report, the FBI's Internet Crime Complaint Center revealed that government facilities were the third most targeted infrastructure sector by ransomware attacks in the U.S. in 2023. The IC3 received a staggering 1,193 complaints from various sectors, including 156 against government facilities. Furthermore, the IC3 reported a significant surge in scams impersonating government officials, resulting in devastating losses of $350 million. These figures underscore the pressing need for solid cyber risk management measures within the federal government.

Prioritizing risk management

Cybersecurity at the federal level is less about immediate actions and more aligned with long-term strategies that unfold within the boundaries of structured frameworks. This paradigm facilitates a systematic way to address and preempt cyber threats through established frameworks such as the National Institute of Standards and Technology guidelines, the Department of Defense's Cybersecurity Maturity Model Certification and others.

To that end, experts recommend a proactive cyber risk management model and cloud security as essential measures against the sophisticated threats ransomware groups pose. This consensus among cybersecurity professionals emphasizes the need for federal agencies to understand the tactics, techniques and procedures (TTPs) employed by ransomware groups.

A cornerstone of the recommended approach involves adopting framework-driven strategies that integrate specific defense mechanisms against identified threats. For instance, addressing the TTP wherein an unsuspecting click on a phishing email leads to malware infiltration requires a multi-layered risk management strategy. This strategy includes enhanced security protocols for email systems, robust boundary defenses to detect unauthorized access attempts and advanced network detection capabilities to identify and neutralize malware communications.

Agencies should also refer to the MITRE ATT&CK framework to identify specific threats of concern and then apply these insights to their network. By prioritizing and implementing appropriate controls in advance, they significantly enhance their defense capabilities against such threats. This proactive approach dramatically improves their chances of safeguarding against attacks, although it requires considerable effort.

Effective patch management is also essential in managing and mitigating risks associated with ransomware attacks. The 2023 Qualys TruRisk Research Report underscores the critical need for swift patch management, revealing that while vulnerabilities tend to be patched in 30.6 days, this only happens 57.7% of the time. However, ransomware groups weaponize these vulnerabilities within 19.5 days, opening an 11.1-day window for potential exploitation.

Why culture matters

Federal agencies must bolster defenses against ransomware threats through a strong cyber awareness culture, emphasizing cybersecurity as everyone's responsibility. This approach underscores the need to combine advanced technology with widespread vigilance and teamwork to counteract such threats effectively.

First and foremost, it is essential to acknowledge that altering the cultural fabric of any organization is no small endeavor. The process is gradual, often taking years to manifest tangible change. Leadership plays a pivotal role in this transformative journey, operating on the principle that change must be top-down and bottom-up.

The strategic plan for cultural transformation in cybersecurity must be comprehensive, embodying the essence of the agency's daily operations. This requires a clear roadmap outlining immediate, near and long-term objectives, effectively operationalizing the shift towards cyber risk management.

However, building a culture prioritizing cyber risk management is crucial and achievable. It requires integrating this mindset across the agency, making it everyone's responsibility, not just limited to IT staff. Encouraging interdepartmental collaboration and support helps manage risk significantly. To achieve this, recognizing and rewarding efforts in cyber risk management, whether through public commendations or team incentives, is vital in reinforcing this cultural shift and boosting morale.

Emphasizing interagency collaboration and intelligence sharing is also crucial to combating ransomware threats. By pooling and leveraging intelligence, agencies can strengthen defenses, identify vulnerabilities and adopt shared best practices for cyber risk management, playing a vital role in the federal fight against ransomware.

The future of ransomware

In 2024, cyber capabilities are being militarized, transforming from mere tools of espionage or vandalism into strategic weapons wielded by nation-states. For example, the U.S. sanctioned Russia in February for protecting the LockBit ransomware group. In this instance, LockBit orchestrated a ransomware attack targeting the U.S. broker-dealer arm of the Industrial and Commercial Bank of China. This year could see these types of ransomware attacks intensify, and it may prove rife with cyber aggression owing to the compounded effects of geopolitical challenges.

Enhancing infrastructural and operational cyber resilience, so that government operations continue during a ransomware attack, remains a distinct need in 2024, a year dominated by democratic elections around the world. This resilience also pertains to electoral systems, where the integrity of democracy itself is at stake.

Collaboration emerges as another keystone of federal preparedness. Forging international partnerships and alliances for cybersecurity becomes indispensable in the face of ransomware threats that acknowledge no borders. These collaborative efforts must establish norms and concerted actions against cyber adversaries and pool resources, knowledge and strategies around managing cyber risk to foster a collective posture for national security.

Finally, the federal government must take actionable steps against ransomware threats through proactive risk management, strengthening cybersecurity culture at all levels, and fostering collaboration. Our national security, governmental continuity and democracy depend on it.