September 12, 2019 By BlueAlly
Few things are as stressful as a ransomware attack on your company. Your files are encrypted, your users are panicked, you don't know how far the infection spreads, and you don't know what the attack has brought with it. Your job is to get the business back up and running, while at the same time reassuring the company and answering questions from frustrated colleagues. Hopefully, you’re not also handling questions directly from people outside of the network, like customers and suppliers.
Imagine now if your company is actually a city with a few hundred thousand members of the public who depend on your services for things like utilities and emergency response. There's more at stake than just brand reputation or profit and loss. This scenario is a quality of life issue for everyone in the community.
Municipalities have been hit hard with ransomware in 2019. Albany New York was hit with a ransomware attack that took down almost all municipal services, including the police department. Louisiana declared a state of emergency when ransomware made the data and the phone system unavailable in three school districts. Two cities in Florida paid nearly $500,000 each to attackers in unrelated incidents in the same week. In a coordinated attack, 23 local governments fell victim to an attack that triggered a statewide escalated response. Unfortunately, the list of victims goes on and on.
Small public sector organizations rarely have the budget to employ cybersecurity experts. The worldwide shortage of these workers has left many companies at risk and scrambling to make up for the lack of expertise. The digital transformation of local governments combined with this shortage of security experts is making ransomware a rewarding choice for cybercriminals.
Cyber insurance is also paying off for ransomware criminals. In the United States, cyber insurance has reportedly become a $7-8 billion per year industry. Since many policies require the insurer to pay the costs of revenues lost due to an attack, insurers may recommend paying a ransom even when recovery is possible. One Forrester analyst has said that the increase in insurance payments has correlated with a resurgence in ransomware, and the FBI has reportedly said that hackers are specifically targeting American companies that they know have insurance.
The United States Conference of Mayors has adopted a resolution opposing payment to ransomware criminals, but that’s in the face of tough reality. Cyber insurance will only pay up to the coverage limit, and budget-strapped municipalities might not be able to sustain a lengthy recovery process.
So how can public organizations better protect themselves against ransomware? Data protection is a must, but there has to be more than just data backup. It’s critical to have a complete system in place that makes it easy to find and restore data quickly. According to one security professional, there are “a lot of times” when the time it will take to restore data from backup will exceed the cost of buying a decryption key. Risk assessments and reviews of the backup system should be conducted on a regular basis, especially after any changes that might affect how and where data is stored. Monthly or quarterly “fire drills” can also be helpful in testing the system and preparing the IT team for an actual emergency.
Email protection is also a fundamental piece of a ransomware defense strategy. A traditional gateway layered with an artificial intelligence application that defends your network against phishing attacks will prevent many of these attacks from ever getting to user inboxes. Ongoing user training will also help keep the social engineering attacks at bay.
If you would like more information about ransomware and how Barracuda can help you protect your municipality from an attack, watch our free on-demand webinar, Ransomware update: Staying ahead of a fast-evolving threat