Key steps governments can take to guard against malware attacks

2020 saw governments globally report more than 100 significant cyberattacks. In the United States, a major cyber-offensive was launched against multiple government agencies, including the Department of Homeland Security, with the extent of the attack and damage still unknown.

Ashley Lukehart

March 8, 2021

4 Min Read
Key steps governments can take to guard against malware attacks

These statistics show that government agencies, even the most sophisticated ones, are not immune to cyberattacks, including malware attacks.

What is a malware attack?

A malware attack is a catch-all term that describes any cyberattack using harmful programs like viruses, trojans and worms to damage a single computer, server or network.

In general, any software whose intended purpose is to harm is considered malware, regardless of which technique it uses to cause harm, whether ransomware, keyloggers, adware, rootkits or cryptojacking.

Governments and government agencies are increasingly becoming malware attack targets owing to the vast amount of data they collect. In 2018, 1.2 billion government records were breached, accounting for 95 percent of all breached records, alongside the retail and technology industries.

Recent government malware attacks in the United States

  • February 2020: The U.S. Defense Information Systems Agency suffers a data breach exposing an unspecified number of individuals’ personal information.

  • April 2020: Amidst the COVID-19 pandemic, a surge of attacks hit U.S. pharmaceutical manufacturers, health-care providers and the U.S. Department of Health and Human Services.

  • May 2020: Hackers attempt to steal U.S. research into a coronavirus vaccine

  • September 2020: Universal Health Systems, an American health care firm, sustains a ransomware attack forcing it to revert to manual backups, reschedule surgeries and divert ambulances.

  • October 2020: Hackers target the U.S. Census Bureau in a possible attempt to compromise census infrastructure, alter registration information, conduct DoS attacks or collect bulk data.

As one of the hardest-hit sectors, city and county governments should take a firmer cybersecurity stance to prepare for potential malware attacks. Here are five steps city and county governments can take to avert potential malware attacks and protect their data and infrastructure.

1) Perform regular backups

Backups offer the best means of recovering from an attack. If a ransomware attack occurs, infected files can be quickly deleted and back files restored. For effective backups, consider maintaining an offline/offsite hard drive backup or use a cloud backup solution specifically designed to withstand malware attacks like ransomware (through multiple redundancies/mirror sites, for example).

2) Stop malware from spreading

When malware spreads easily, it can infect hundreds or even thousands of computers, servers and networks within minutes. Just like a virus affecting humans, preventing malware from spreading is the best way to disarm it. Use mail filters, intercepting proxies, security gateways and safe browsing lists to limit malware spread within your organization and from your organization to others.

3) Initiate device-level protection

Malware is software, so it requires permission to execute on a device. Use device-level protection to limit device privileges and restrict what programs can run and what apps or software can be installed. Device-level protection also works by restricting scripting environments and macros and disabling autorun for any mounted devices, including peripheral devices like mice and keyboards.

4) Have an incident plan

Preparation is the best form of defense. Create an incident plan that maps out all critical assets, determining what impact an attack would have on them. In the plan, anticipate an attack, no matter how unlikely, and identify communication strategies and steps to take in case of an attack. Make sure to run periodic drills of the incident plan to ensure everyone understands what to do.

5) Educate and train your staff

Most malware attacks rely on human error and complicit cybersecurity behaviors. You might have the best plan in place, but it will not work if your team does not follow the guidelines. Add training and sensitization at the top of your malware attack prevention plan to ensure employees do not become the weakest link in an otherwise robust security protocol chain.

Malware attacks continue to grow in number each year. While criminals are becoming more targeted and precise, the probability of an attack will continue to rise. Government agency leaders must remain vigilant and follow their enterprise counterparts’ cues—not taking cybersecurity for granted.

While it might be impossible to avert an attack, it is possible to blunt its effect, and following the steps above is one way to ensure your government agency bounces back unharmed.

 

Ashley Lukehart has been writing about the impact of technology and IT security on businesses since starting Parachute in 2005. Her goal has always been to provide factual information and an experienced viewpoint so that business leaders are empowered to make the right IT decisions for their organizations. By offering both the upsides and downsides to every IT solution and consideration, expectations are managed and the transparency yields better results.

About the Author

Ashley Lukehart

Ashley Lukehart

See more from Ashley Lukehart
Subscribe to receive American City & County Newsletters
Catch up on the latest trends, industry news, articles, research and analysis for government professionals
Sign me up

Galleries

Pexels
Public Administration & Governance
A new dashboard tracks early voting for the 2024 election. These 10 counties have cast the most votes so farA new dashboard tracks early voting for the 2024 election. These 10 counties have cast the most votes so far
byRyan Kushner
Oct 21, 2024
10 Slides
thumbnail
Economy & Finance
Here are the 10 most competitive rental markets in the U.S.Here are the 10 most competitive rental markets in the U.S.
byRyan Kushner
Oct 7, 2024
10 Slides
thumbnail
Sustainability
Cycling, recycling and green space: these are the top 10 most sustainable cities in the U.S.Cycling, recycling and green space: these are the top 10 most sustainable cities in the U.S.
byRyan Kushner
Aug 30, 2024
10 Slides
thumbnail
Water & Sewer
These states ranked the best for drinking water quality in 2024These states ranked the best for drinking water quality in 2024
byRyan Kushner
Aug 16, 2024
10 Slides

Co-op Solutions

sustainability
Sustainability
In 2025 more cities will team up for climate and sustainability solutions on a regional basis
In 2025 more cities will team up for climate and sustainability solutions on a regional basis

Nov 19, 2024

Workforce
When they search for new staffers, cities and counties should cast a wide net and recruit globally
When they search for new staffers, cities and counties should cast a wide net and recruit globally

Nov 11, 2024

Ransomware presents a growing threat to vulnerable local governments
Government Technology
Ransomware presents a growing threat to vulnerable local governments
Ransomware presents a growing threat to vulnerable local governments

Nov 6, 2024

A trusted technology partner can help cities and counties achieve their digital vision
Sponsored Content
A trusted technology partner can help cities and counties achieve their digital vision
A trusted technology partner can help cities and counties achieve their digital vision

Nov 1, 2024