In the last few years, a new target has emerged for cyberattacks: government entities. Though national headlines have mostly centered on corporate attacks and national security breaches, government agencies on the local and state level have also seen a sharp increase in the volume and severity of cyberattacks.
In March 2018, a large city made national news with the SamSam ransomware attack, which cost the city around $2.6 million for incident response efforts. Unfortunately, a year later, that dollar amount now seems quaint.
This past May, another major city was hit by a cyberattack.. Hackers took hold of city computers, demanding $76,000 in bitcoin. The city decided to fight back.
Cyber experts were called on the scene to try to restore emails and attempt to bring entire departments back online. While email was working again by June, many billing departments, including water, were knocked out for months. (It wasn’t until September that residents began receiving water bills again).
All told, the city lost big time. When looking at the combination of lost or delayed revenue, direct costs to restore networks, the amount estimated for recovery, and the cost of insurance, the city will be spending more than $20 million in total incident response costs. That’s tough for any city to do, especially if they’re strapped for resources and funds.
If other local and state governments learn anything from this ordeal, it should be about the need for modern disaster recovery services that help make ransomware more of a nuisance, rather than a catastrophe.
Many organizations have known vulnerabilities that can be easily exploited by cybercriminals. And even if the vulnerabilities are patched, it could be as easy as someone clicking on a bad link for a breach or attack to occur.
1: Data Backup is Only the First Step
A government data breach can expose not only internal department information but also residents’ personal data. This includes the aforementioned water bills, credit card payments, building permits, financial and home information, and much more.
Ensuring a proper off-site backup, ideally in the cloud, that is separate from primary backup copies can be a life saver during a ransomware attack, but it isn’t enough. What to do with those backups and how to recover is just as important, because what the criminals are counting on is that it will be so difficult to restore from backup that the government agency will be forced to pay the ransom instead. That should never have to happen.
2: Cloud Services
Cloud-based disaster recovery, otherwise known as DRaaS, can be a crucial component to preventing the damage caused by ransomware. By replicating workloads and making them available to failover to, government agencies will always have a sound plan to keep the city’s systems up and running.
But won’t replication mean that the ransomware will get replicated as well? Yes, however a good cloud DR solution will have a journaling feature, allowing you to failover to the point in time before the ransomware took effect. This minimizes data loss and allows for rapid recovery. If you can minimize or eliminate the disruption caused by ransomware, your organization won’t be a likely victim in the future, as criminals tend to move on to easier targets.
3: The Adoption of Best Security Practices
Perhaps the biggest security risk any government entity or business faces is human error or lax attention from their employees.
Weak passwords, lack of two-factor authentication, employees vulnerable to phishing attacks,— these basically leave the door wide open for hackers and ransomware extortionists.
Disaster recovery planning is also about prevention, and therefore must contain thorough and repeated education on best security practices for employees.
4: Testing is Paramount
Security experts will rightly focus on testing for prevention, including finding vulnerabilities like unpatched servers or employees that need more training. But you should also test your DR plan to see if you can truly recover from an attack. A solid cloud-based DR solution, backed by a company with experts who can support you, will allow for periodic testing that will help city leaders and technology professionals sleep well at night knowing they’re covered for all eventualities.
At FirstLight, disaster recovery is a key pillar of our business. We’ve worked with numerous organizations to help them implement a cloud-based DR solution that provides a safety net should they suffer from downtime caused by any event, including common outages or cyberattacks.
Download our free DRaaS for Dummies guide from Veeam and FirstLight. Contact us today to set up a free disaster recovery consultation.