Page 108 - Cyber Defense eMagazine September 2025
updated with the latest security patches. Where feasible, enable automated patching for security
updates, as in Windows environments.
• Access control based on the least privilege principle — Restrict user access based on job
roles and limit the privileges granted to service accounts. Ideally, grant elevated access only when
necessary for particular tasks. Minimizing permissions dramatically reduces the reach of both
malicious insiders and adversaries who compromise accounts.
• Network segmentation — Implement network segmentation to contain infections and prevent
malware from spreading across critical systems. In particular, be sure to isolate environments that
contain sensitive data and systems.
• Threat monitoring — Deploy advanced threat detection solutions to identify and neutralize wiper
malware before it executes. Continuous monitoring of network activity can help detect anomalies
that could indicate an attack in progress.
• Threat intelligence — Understand who may be targeting your IT environment and proactively
learn about their usual tactics. Prioritize security efforts and fine-tune monitoring based on the tools
and techniques used by the threat actors most likely to attack you.
• Incident response and recovery plans — Build comprehensive incident response and recovery
strategies that help ensure quick identification, containment, and mitigation of threats. Be sure to
test and exercise them regularly; a well-rehearsed plan can significantly reduce downtime during
an attack.
• Immutable backups — Since wiper malware aims to permanently destroy data, maintaining
immutable backups out of reach of malware is crucial. Moreover, before launching the attack,
threat actors can poison backups to make them unrestorable, so test your backups regularly to
ensure they can actually be used for recovery.
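As an added example that is not part of the article, the following Python script shows one way to implement the "test your backups" point: a SHA-256 manifest of the backup set is authenticated with an HMAC key held offline, and a restore check re-hashes the copy to detect files that were poisoned or removed. The key, file names and contents are constructed for the demonstration.

```python
# Added example (not from the article): manifest-based backup integrity test.
# A SHA-256 manifest is taken when the backup is made and authenticated with an
# HMAC key kept offline, so a poisoned or truncated copy is caught before restore.
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()  # stream so large archives are not loaded into memory
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    # Relative POSIX-style path -> digest for every file under the backup root.
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def sign_manifest(manifest: dict, key: bytes) -> str:
    # HMAC over canonical JSON; without the offline key the manifest cannot be re-signed.
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_backup(root: Path, manifest: dict, signature: str, key: bytes) -> dict:
    # A rewritten manifest that matches poisoned files fails here before any file is read.
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return {"manifest_valid": False, "missing": [], "modified": [], "unexpected": []}
    current = build_manifest(root)
    return {
        "manifest_valid": True,
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }

def demo() -> dict:
    # Constructed scenario: sign a small backup set, then poison it and run the restore check.
    key = b"offline-manifest-key-placeholder"  # constructed; a real key lives in a vault
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "records.sql").write_bytes(b"INSERT INTO permits VALUES (1, 'issued');\n")
        (root / "config.yaml").write_bytes(b"service: permits\n")
        manifest = build_manifest(root)
        signature = sign_manifest(manifest, key)
        (root / "db" / "records.sql").write_bytes(b"\x00" * 16)  # poisoned content
        (root / "config.yaml").unlink()                            # deleted file
        return verify_backup(root, manifest, signature, key)
```

In practice the manifest and its signature are stored with the immutable copy, and the restore check is run on a schedule against a scratch restore rather than the production copy.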
Strengthening Cyber Resilience Against Wiper Attacks
For government organizations, cyber resilience is inseparable from mission assurance. Implementing
zero-trust architecture, segmenting sensitive enclaves, enforcing least-privilege access, and maintaining
immutable, routinely tested backups are no longer “best practices” but essential controls for complying
with FISMA, Executive Order 14028, and CISA’s Binding Operational Directives. Combine those
technical safeguards with regular tabletop exercises and an incident-response playbook that spans
agencies and trusted public-private partners to transform wiper malware from an existential threat into a
manageable risk. The goal is clear: ensure that even under digital bombardment, the wheels of
government keep turning, and citizens never lose access to the vital services they depend on.
Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.