As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—JP Perez-Etchegoyen, the CTO of Onapsis, offers insights into the implications that recent cyber-attacks in Costa Rica might have on critical infrastructure security strategies.
It’s been several months since Costa Rica officially declared a state of emergency while dealing with the repercussions of two major ransomware attacks. Hackers had threatened to overthrow the government and demanded millions of dollars in ransom, all while health officials could not access medical records, and tax systems were frozen for weeks. The aftermath of the Costa Rica attacks underlines how it’s no longer just about stolen data but also about how attacks against critical systems can have real-world implications.
We have repeatedly seen similar cyber-attacks on critical infrastructure and government organizations, and it is apparent that modern threat actors have the tools and knowledge to conduct highly sophisticated operations. Without preventative measures and remediation plans in place, a national government, its critical infrastructure, and its citizens are exposed to severe damage.
Below are several best practices and essential tips governments and organizations should follow to prevent an attack against critical systems and quickly remediate if an attack occurs.
Enforce Specific Government Regulations
The initial Costa Rica ransomware attack occurred shortly after the newly elected president, Rodrigo Chaves, took office, exposing a glaring gap in the country’s cyber incident reporting. The outgoing administration had not disclosed how damaging the incident was, describing it simply as a technical issue. This shows how a lack of incident disclosure and transparency can worsen an already serious situation.
Governments must impose specific regulations that require organizations to report all cybersecurity incidents, regardless of scope or severity, within a defined timeframe. The U.S. has made notable advances in this area in the past couple of years, and examples other governments could model include:
- The U.S. Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires covered critical infrastructure entities, once CISA’s implementing rule is in effect, to report substantial cyber incidents to CISA within 72 hours and ransomware payments within 24 hours, so that an attack cannot go unreported the way the first Costa Rica incident did.
- The U.S. Executive Order on Improving the Nation’s Cybersecurity (EO 14028) imposes stronger security standards within the federal government, including a move toward zero trust architecture and multi-factor authentication, and removes contractual barriers to threat-information sharing between service providers and the government, among other measures.
Even if governments do not create their own guidelines, they can follow best practices and frameworks that other governments and entities have already developed and shared. For instance, resources provided by the National Institute of Standards and Technology (NIST), MITRE, the Cybersecurity and Infrastructure Security Agency (CISA), or the U.S. Department of Energy, to name a few, offer cybersecurity recommendations and advice for both public and private sector organizations.
Deploy Defensive Cybersecurity Tools
The root cause of the Costa Rica attacks was a lack of proactive processes and technology to keep cyber-criminals out of critical government applications. While there are innumerable ways an attacker can enter a system, known vulnerabilities provide the easiest entry point into a government’s mission-critical operations and sensitive data. To this end, one of the key strategies and best practices to employ is robust patch management.
Many organizations delay applying patches even after they are issued. Patches should instead be applied as soon as they can be tested, prioritizing internet-facing systems and flaws that attackers are already exploiting, since 87 percent of enterprises report experiencing an attempted exploit of an existing or known vulnerability. Modern vulnerability management platforms that detect and identify critical system flaws are also essential. These tools help organizations find missing patches, hidden assets that nobody owns or patches, misconfigurations, and authorization issues across their IT ecosystem. Threat actors look for exactly these weaknesses when attempting to compromise business-critical systems, and often they succeed.
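To make the two checks above concrete, here is an added illustration that is not code from the article, from Onapsis, or from any vendor product: it compares an asset inventory against an advisory feed to find installed software older than the fixed version, ranks the gaps the way an attacker would pick targets (known-exploited first, then internet-facing, then severity), and flags hosts that answer on the network but are missing from the inventory. All hosts, products, versions and advisory IDs are constructed placeholders, and the advisory feed is assumed to carry a "known exploited" flag and a numeric "fixed in" version.

```python
"""Patch-gap and unmanaged-asset check (added example, not the article's code).

Two constructed inputs stand in for data a vulnerability management platform
would collect: an asset inventory (what is installed where) and an advisory
feed (which version fixes which flaw, and whether exploitation is known).
Every host, product, version and advisory ID is a made-up placeholder.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str           # installed version, dotted numeric
    internet_facing: bool  # reachable from outside the organisation


@dataclass(frozen=True)
class Advisory:
    advisory_id: str       # placeholder, not a real CVE
    product: str
    fixed_in: str          # first version that contains the fix
    cvss: float            # base severity score
    known_exploited: bool  # exploitation observed in the wild


@dataclass(frozen=True)
class Finding:
    host: str
    advisory_id: str
    installed: str
    fixed_in: str
    cvss: float
    known_exploited: bool
    internet_facing: bool


# Constructed asset inventory (what a CMDB or endpoint agent would report).
INVENTORY = [
    Asset("tax-portal-01", "erp-suite", "7.52.0", internet_facing=True),
    Asset("hr-app-02", "erp-suite", "7.53.2", internet_facing=False),
    Asset("vpn-gw-01", "ssl-vpn", "9.1.0", internet_facing=True),
    Asset("file-srv-03", "nas-os", "4.4.1", internet_facing=False),
]

# Constructed advisory feed; IDs are placeholders.
ADVISORIES = [
    Advisory("ADV-0001", "erp-suite", "7.53.0", cvss=9.8, known_exploited=True),
    Advisory("ADV-0002", "ssl-vpn", "9.1.4", cvss=8.1, known_exploited=True),
    Advisory("ADV-0003", "nas-os", "4.4.0", cvss=6.5, known_exploited=False),
    Advisory("ADV-0004", "erp-suite", "7.54.0", cvss=5.3, known_exploited=False),
]

# Constructed result of a network discovery scan: hostnames that responded.
SCANNED_HOSTS = {"tax-portal-01", "hr-app-02", "vpn-gw-01",
                 "file-srv-03", "legacy-db-09"}


def parse_version(version: str) -> tuple:
    """'7.53.2' -> (7, 53, 2) so versions compare numerically, not as strings
    (string comparison would wrongly rank '7.9.0' above '7.10.0')."""
    return tuple(int(part) for part in version.split("."))


def missing_patches(inventory, advisories) -> list:
    """One Finding per (asset, advisory) where the installed version is older
    than the fixing version. Sorted so the gaps an attacker would try first
    come first: known-exploited, then internet-facing, then highest CVSS."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if adv.product != asset.product:
                continue
            if parse_version(asset.version) < parse_version(adv.fixed_in):
                findings.append(Finding(asset.host, adv.advisory_id,
                                        asset.version, adv.fixed_in, adv.cvss,
                                        adv.known_exploited, asset.internet_facing))
    findings.sort(key=lambda f: (not f.known_exploited, not f.internet_facing,
                                 -f.cvss, f.host))
    return findings


def unmanaged_assets(inventory, scanned_hosts) -> list:
    """Hosts seen on the network that no inventory record covers: the
    'hidden assets' that never receive a patch because nobody owns them."""
    known = {asset.host for asset in inventory}
    return sorted(set(scanned_hosts) - known)


if __name__ == "__main__":
    for f in missing_patches(INVENTORY, ADVISORIES):
        flag = "EXPLOITED" if f.known_exploited else "         "
        edge = "internet" if f.internet_facing else "internal"
        print(f"{flag} {edge} {f.host:<14} {f.advisory_id} "
              f"installed {f.installed}, fixed in {f.fixed_in}, cvss {f.cvss}")
    for host in unmanaged_assets(INVENTORY, SCANNED_HOSTS):
        print(f"UNMANAGED {host}: on the network but not in inventory")
```

Run against the constructed data, the report puts the exploited flaw on the internet-facing tax portal first, the exploited VPN flaw second, and the low-severity gap on the internal HR host last, while the file server (already on the fixed version) produces no finding; the host that appears only in the scan is reported separately as unmanaged, which is the gap a "hidden asset" check exists to close. In practice the inventory would come from an agent or CMDB export and the advisory feed from a vendor or a catalog of known-exploited vulnerabilities, and version schemes with non-numeric parts need a more careful comparison than the simple tuple used here.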
Adopt a Comprehensive Remediation Plan
Implementing cybersecurity precautions that help deter attacks against critical systems is a core component of a robust security plan. Still, the reality is that today’s cyber-criminals have the capability to get into systems despite the security tools in place. For a quick post-attack recovery, government agencies should proactively create comprehensive incident response plans focused on attacks against business-critical applications. This starts with obtaining a full view of the IT landscape and keeping a complete record of all applications, users, and data within it, so that nothing is left unprotected because nobody knew it existed.
Incident response playbooks that outline what-if scenarios will also enable IT to prepare for different types of attacks before they occur. This reduces the time spent remediating after an attack and prevents the kind of prolonged interruption to business continuity witnessed in the Costa Rica attacks.
The Costa Rica incident will go down in history as one of the most disruptive cyber-attacks on a national government to date. The above recommendations are only a few of the many improvements government organizations can make to enhance their cybersecurity incident prevention and response efforts. While the country is still recovering, other governments can learn from these events by advancing their cybersecurity postures to ensure their business-critical applications and citizens remain safe.