Tribal Ransomware Attack
In December 2019, a Native American tribe declared a state of emergency when they were forced to proactively shut down Tribal systems in order to contain a ransomware attack. Initially, this particular attack appeared to be an insider threat, as it originated internally when an employee logged into the travel network, deploying the ransomware that infected all Tribal systems. A few days later, an investigation confirmed that the attack was an inside job perpetrated by a Tribal member and former IT employee, who was then charged with felony tampering with public records and felony obstructing government functions.

This incident raises concerns about your own systems and their vulnerability to insider threats and ransomware. Tribes are especially vulnerable, as they often operate multimillion-dollar enterprises, managing economies that rival those of foreign nations. Having said that, even Tribes that don’t operate on that scale need to be cognizant of these risks and prepare for the potential threats.

Prevention is a strong part of any strategy. In order to help prevent insider threats, here are five tips:
- Know and protect your critical assets.
- Develop a formalized insider threat program.
- Clearly document and consistently enforce policies and controls.
- Deploy solutions for monitoring employee actions and correlating information from multiple data sources.
- Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees.

To help protect against ransomware, here are five more tips:
- Do not pay the ransom.
- Ensure you have backups that are tested regularly and sent offsite.
- Establish a cybersecurity training program that trains your employees how to identify phishing and social engineering tactics.
- Use reputable antivirus software and firewalls.
- Ensure all software is kept up to date.