When the San Francisco Municipal Transportation Agency was hit with ransomware last November, it recovered systems without making the $70,000 Bitcoin payout the hackers demanded. But Muni still lost an estimated $50,000 in fares in the aftermath, underscoring the importance of strong IT security and a disaster recovery plan for critical infrastructure.
With ransomware on the rise, the public sector has plenty of victims.
NBC News warned recently that police departments are particularly susceptible to this IT security scourge. According to reports, law enforcement agencies in Illinois, Maine, Massachusetts and Tennessee paid ransoms to regain access to their files.
Fortunately for the city of Westland, Mich., a ransomware attack had a happier ending. After a public safety employee clicked on an email, the ransomware locked down the machine and spread to a file server. Thanks to the organization’s layered security defenses, the city was able to recover its systems without paying the ransom, says CIO Dan Bourdeau.
Westland’s Trend Micro OfficeScan anti-virus solution picked up on a pattern and isolated two infected machines, then the city quickly restored the lost files on the server from its backup system. “Our plan for security is isolation, assessment, reporting, evidence preservation, recovery and forensics,” Bourdeau says. To find out how other local governments rose above ransomware and mitigated attacks, turn to “How 3 Local Governments Mitigated Ransomware Attacks.”
Mobile devices also present an attractive attack vector and are susceptible to ransomware and other threats. Traditional anti-virus and anti-malware software may not work with segmented, containerized data, so CISOs such as Philadelphia’s Jeffrey Gardosh instead focus their efforts on application security. Readers will learn more about the security technology and practices that states and localities rely on to protect mobile apps and data in “Education, Technology Key to Keeping Government Mobile Devices Safe.”
How are you defending against new cybersecurity threats? Let us know what you would like to learn more about in order to be better prepared. The question is no longer whether a breach will happen, but when.