Frequently Asked Questions: Cybersecurity and Ransomware

Selectron is dedicated to understanding the cybersecurity landscape and its continual evolution. As government-focused cyberattacks continue to rise in 2024, we want to clarify some commonly used terms and help our clients and partners understand their place in the evolving landscape of cybersecurity.

Here are a few common terms and concepts:


What is a “threat actor?”
A threat actor (also sometimes called a malicious actor or bad actor) describes an individual or group who seeks to intentionally penetrate an organization’s security.  Threat actors seek to find and exploit any vulnerabilities they can to compromise an organization’s people, data, or technology resources. One kind of attack that is often leveraged against government entities by threat actors is called ransomware attacks.

What is “ransomware?”
Ransomware is a type of malicious software that infects a victim’s computer, smartphone, or network. The most common type of ransomware encrypts the user’s data making it nearly impossible for the owner or IT department to access it. Ransomware often spreads through phishing emails. Phishing emails appear to be from legitimate organizations but are intended to trick the user into clicking on a link to a malicious website or giving away sensitive information.  

What is the goal of ransomware attacks?
The goal of these attacks is to extort money from the victim. The threat actor will offer to sell the victim the decryption key to regain access to their data, device, or network. The threat actor may also threaten to release the data if the victim refuses to pay the ransom. Threat actors often target sensitive data like cardholder data, social security numbers, or other crucial Personally Identifiable Information (PII) to maximize the impact of a release to force the victim to pay the ransom.  

At least 45 government entities have been hit with ransomware attacks in 2024 alone.

Why are government entities a target?
Government agencies are a prime target for ransomware attacks because they hold large amounts of confidential personal records, cardholder data, and other sensitive, classified information. Additionally, many smaller government agencies have outdated infrastructure or less access to advanced security protocols or personnel. Sadly, they are at a disadvantage in keeping up with the evolving landscape of cyber security threats. This combination makes them a prime target.

What are some easy habits that improve security?

  1. Regular high-quality backups of important and sensitive data. Your Selectron solution is regularly backed up by our organization. However, we advise that you back up agency data to an external or cloud server. Follow the 3 2 1 rule of thumb. 3 copies, on 2 different formats or technologies, and at least 1 should be offsite. If your data is regularly backed up, you have more flexibility when addressing ransomware threats.
  2. Ensure that all operating systems, website browsers, anti-virus, and other software are up to date. These systems are regularly updated to include the latest protections against known vulnerabilities that can be exploited by viruses, ransomware, and malware.
  3. Educate your employees or coworkers. Phishing emails are the most common way ransomware is spread. Do not click suspicious links or download attachments that come from an unfamiliar email address.
Selectron helps governmental agencies and utility organizations navigate the continually evolving cybersecurity environment.

What does Selectron do to support your solution’s cyber security?
Security is a priority across the organization. From multiple layers of 24/7 security monitoring to our expert support and engineering team, we are dedicated to keeping the solutions our government and utility partners rely on online and operational.

Our hosted solutions maintain security at both the physical level, with controlled access via keyed and biometric entry, and the application level, with layered security to safeguard against suspicious activity, including firewalls, regular penetration and vulnerability testing, and Secure Software Framework and Software Development Life Cycle practices. Additionally, we have developed incident response practices that enable us to react quickly when our clients have been targeted by cyber-attacks and get their solutions back online.

How does Selectron’s hosted services help your IT team?
For agencies who leverage our hosted environment, we can remove a substantial burden from their IT department. We are continually investing in our server and security infrastructure, alleviating the need for IT staff to track and manage the solutions. We utilize best-in-class security solutions from multiple vendors to ensure complete coverage. Selectron’s payment solutions are all PCI-DSS compliant, which relieves considerable staff resources in maintaining annual requirements. In short, by shouldering the responsibility of data security, Selectron reduce the burden of compliance from IT staff who often are already stretched thin.

We understand the unique risk that government and utility agencies face from threat actors every day. Selectron is committed to doing our utmost to ensure the continuity of the crucial services you provide and prevent any threats that would impact your ability to serve your communities.

If you’re looking for a way to reduce your compliance scope, reach out to us and we are happy to help you explore your options.

Archives

FAQ: Cybersecurity and Ransomware

Empowering Customer Self-Reliance

TRUSTED SOLUTIONS • REAL VALUE

WordPress Appliance - Powered by TurnKey Linux