The recent spate of ransomware attacks in Florida provides some valuable lessons for businesses and government agencies. A bill introduced in the Florida House of Representatives on July 1, 2022, would give public-sector agencies across the state more cybersecurity-related responsibilities, including the requirement to report ransomware attacks and other incidents to state authorities, as well as annual cyber hygiene training for many state and local government employees. Florida state Rep. Mike Giallombardo presented a measure that prohibits state and local governments from paying ransomware demands. More than a million dollars was lost by insurance companies as a result of five Florida towns being infected with ransomware between April and June. If an agency reports a cyber event, it will also have to submit an after-action report to the Florida Digital Service, the state's IT agency, which is currently creating a new cybersecurity operations centre.
If Florida passes Giallombardo's bill in full, it would not be the first state to explicitly outlaw ransomware payments (North Carolina did so last year), but cybersecurity industry experts have publicly questioned whether such restrictions are successful in lessening the danger of extortion-by-malware. In April, a 60-person Ransomware Task Force presented a policy plan that did not advocate payment limitations since such limits may just drive financially motivated criminals to target additional victims. Furthermore, the task force found that governments would be better served by increasing their defenses via IT expenditures and training aimed at reducing the total number of successful attacks.
Other elements included in the Florida bill, introduced on Thursday, are targeted at enhancing state and local cybersecurity. Giallombardo's proposals include requiring all state and local entities to notify the Florida Department of Emergency Management (FDEM) of any cyber incidents in the same manner as they would report any other disaster. Additionally, local governments would be compelled to inform their respective county sheriffs. The bill would also ensure that all government employees who have access to a federal network receive cybersecurity training during the first 30 days of their employment and every year afterwards. Workers who have to deal with "extremely sensitive material" will have to go through "advanced" education and instruction. In 2020, the Florida Digital Service was established, which sparked a reorganization of IT governance in the Sunshine State. Florida's chief information officer and agency director James Grant recently revealed plans to spend $15.9 million on governmentwide cybersecurity upgrades. A committee hearing on the measure was held but no similar legislation was introduced in the Florida Legislature.
The "Guide to Ransomware Prevention" published by Cyber Florida offers the following advice to organizations and governments:
All vital data should be duplicated and stored in two different physical places in a cloud backup that comprises numerous "iterations of backups."
The most recent patches and updates from the manufacturer should always be used.
Provide cybersecurity awareness training for all employees, and do it often.
As part of your business continuity and disaster recovery strategy, develop an incident response strategy for cyber-related incidents.
Check to see whether your anti-malware and spam filters are working.
Limit who has access to the system and files.
Separate "legacy" systems that no longer get frequent upgrades from other systems.
Remove macro scripts from e-mail attachments of Microsoft Office documents.
Novum IT is here to help with professional security solutions like vulnerability management, identity and access management services, endpoint protection, etc. If you live in Florida, don't hesitate: improve your cybersecurity right away, as it will help you save your identity and a lot of money!