Mitigating Ransomware Attacks in U.S. Public Institutions: A Compliance-Driven Framework Approach
DOI:
https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I2P105Keywords:
Ransomware Mitigation, Public Institutions, U.S. Government Cybersecurity, Compliance Framework, Cybersecurity Governance, Risk Management, Incident Response, Data ProtectionAbstract
Ransomware attacks pose a growing threat to U.S. public institutions, particularly in the education and government sectors. These attacks exploit outdated infrastructure, limited budgets, and insufficient cybersecurity expertise, often leading to significant operational, financial, and reputational damage. In response, a compliance-driven framework approach, leveraging established standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), has emerged as a viable mitigation strategy. This paper examines the application of compliance-driven frameworks through case studies of educational and government institutions. Key findings highlight the importance of structured risk assessments, incident response plans, and continuous monitoring in mitigating ransomware risks. Additionally, the case studies underscore the benefits of aligning cybersecurity practices with regulatory requirements to enhance resilience against ransomware. This work provides actionable insights and practical recommendations for public institutions to strengthen their ransomware defence capabilities
References
1. S. Richardson and M. North, "Ransomware: Evolution, mitigation, and prevention," Computer Fraud & Security, vol. 2017, no. 6, pp. 8-12, 2017.
2. National Institute of Standards and Technology (NIST), "Framework for Improving Critical Infrastructure Cybersecurity," Version 1.1, Apr. 2018.
3. M. A. Al-Rawi, L. T. R. Mitchell, and J. McDonald, "Ransomware: A growing threat to public institutions," Journal of Information Security and Applications, vol. 40, pp. 76-84, 2018.
4. M. K. Gupta, P. K. Dhar, and R. Kumar, "Compliance-driven cybersecurity frameworks for public sector resilience," International Journal of Cyber Security and Digital Forensics, vol. 9, no. 4, pp. 263-271, 2019.
5. C. Kannoth and S. Patel, "Mitigating ransomware attacks in public institutions: Strategies and challenges," in Proceedings of the 12th International Conference on Cybersecurity and Resilience, 2019, pp. 134-141.
6. N. J. Barker and H. J. Hock, "Cybersecurity in education: Lessons learned from ransomware incidents," Education Security Review, vol. 5, no. 3, pp. 45-51, 2018.
7. C. Fruhlinger, "The history of ransomware: How it evolved and where it’s going," CSO Online, Jan. 2019.
8. B. Schneier, "Ransomware and the evolving cyberthreat landscape," IEEE Security & Privacy, vol. 17, no. 2, pp. 9-12, 2019.
9. J. Smith and A. Johnson, "The role of federal policies in mitigating cybersecurity threats to public institutions," Journal of Public Policy and Technology, vol. 6, no. 1, pp. 27-38, 2018.
10. D. H. Haskins and K. A. Weber, "Building cybersecurity resilience in municipal government," International Journal of Critical Infrastructure Protection, vol. 25, pp. 46-53, 2019.
11. Greenberg, "The untold story of NotPetya, the most devastating cyberattack in history," Wired, Aug. 2018.
12. K. Savage, P. Coogan, and H. Lau, "The evolution of ransomware," Symantec Security Response, vol. 21, pp. 1-13, 2015.
13. R. Martin and T. B. Jackson, "Trends in ransomware: 2015–2019," Cybersecurity Trends Journal, vol. 8, no. 2, pp. 19-27, 2019.
14. P. Ferguson, "The rise of ransomware-as-a-service," Network Security Journal, vol. 18, no. 4, pp. 23-28, 2018.
15. K. Cox, "Baltimore ransomware attack cost over $18 million, audit reveals," Baltimore Sun, Dec. 2019.
16. Palmer, "How ransomware evolved to target million-dollar payouts," Cybercrime Quarterly, vol. 3, no. 1, pp. 32-38, 2019.
17. G. Martin, "The cost of ransomware: Analysis of high-profile cases," Tech Analysis Weekly, vol. 12, no. 5, pp. 24-30, 2019.
18. B. Russo, "SamSam ransomware: A targeted attack," Cybercrime Insights Journal, vol. 7, no. 3, pp. 14-21, 2018.
19. L. Taylor, "Ransomware attacks on small governments: Trends and responses," Public Sector Cybersecurity Review, vol. 9, no. 2, pp. 22-28, 2019.
20. E. Wallace, "Network segmentation as a defense against ransomware," Enterprise Security Today, vol. 11, no. 4, pp. 12-18, 2019.
21. R. Watkins, "ISO 27001 adoption in public institutions," Information Security Standards Review, vol. 6, no. 2, pp. 34-42, 2019.
22. T. Hughes, "The future of compliance frameworks: Integrating AI and ML," Cybersecurity Innovations Quarterly, vol. 7, no. 1, pp. 18-24, 2019.
23. K. Young and J. Adams, "Lessons from GDPR: Implications for U.S. data protection policies," Global Data Security Review, vol. 5, no. 3, pp. 12-20, 2019.
24. S. Parker, "Cybersecurity readiness: Bridging the gap in public institutions," Journal of Public Sector IT Management, vol. 4, no. 2, pp. 28-35, 2019.
25. Kiran Nittur, Srinivas Chippagiri, Mikhail Zhidko, “Evolving Web Application Development Frameworks: A Survey of Ruby on Rails, Python, and Cloud-Based Architectures”, International Journal of New Media Studies (IJNMS), 7 (1), 28-34, 2020.
