A view of Lake Sammamish and Issaquah from Poo Poo Point, Eastside, Wash. Sammamish, Wash., had to declare a city emergency after a ransomware attack took hold of its systems.

Mar 18 2019

Ransomware Wreaks Havoc on Small Town, USA

How local governments can defend against the threat of ransomware in 2019 and beyond.

In January, a ransomware attack on the city of Del Rio, Texas, shut down City Hall servers and forced officials to resort to pen and paper to provide services. The city of Sammamish, Wash., also had to declare a city emergency after ransomware took hold of its systems, affecting storage drives and internal shared files.

As recent patterns suggest, cybercriminals are not just targeting large cities such as Atlanta now. Small towns are also under attack, and they are especially vulnerable to ransomware, as they typically lack funds and security expertise that may be present in larger locales.

A recent survey from e.Republic on government market insights revealed that city IT leaders rank cybersecurity as their No. 1 priority. But while many local governments are prioritizing cybersecurity, ransomware threats continue to evolve at a faster rate.

With this in mind, smaller local governments should take steps and accelerate their plans to protect against ransomware, among other cyberattacks. Preplanning is needed so that, when trouble strikes, there are immediate steps taken to ensure services aren’t disrupted and critical activities that residents rely on can continue as needed.

In addition to planning, creating a more resilient IT and cybersecurity posture to protect data, employees and citizens against the threat of ransomware requires rethinking legacy data backup strategies, which are common among smaller local governments, and also ensuring employees know how to spot ransomware when they see it.

MORE FROM STATETECH: Discover why cybersecurity planning should be a top priority for local agencies. 

How to Evolve Data Backup Protections

Technology advancements are being made constantly, and replacing legacy backup methods to keep up with advancements should be a priority. One such approach is continuous data protection, which bolsters the ability to protect critical data on an ongoing basis and makes it easy to recover data in the event of ransomware.

Continuous data protection is a technology that allows local governments to continuously capture and track data modifications, automatically saving every version of the data that the user creates. It provides real-time protection against the kind of attacks that have impacted critical services in these towns.

The technology significantly moves a local government organization beyond the limitations of today’s legacy backup, which currently leaves major gaps between snapshots, and offers the ability to recover all data from just seconds before it is held for ransom. This can ensure that an organization will remain open yet protected in the face of today’s cyberattacks. 

When identifying continuous data protection technologies, local government organizations should seek to invest in tools with automated recovery to achieve continuous availability of their data. As part of this overall resilience strategy, and for added protection, local government agencies may also consider workload mobility capabilities and multicloud agility to allow data and applications to move between on-premises and cloud sites for optimized recovery.

CDW Cybersecurity Insight Report

Why Educating Employees Is Critical

Another important aspect of protection against ransomware is training employees. Some IT leaders — including those who have learned the impact of ransomware on their organization the hard way — periodically send their staff sample dummy emails to help them determine if an email is actually a phishing attack. They’ve helped educate their employees on what potential cyberattacks look like, how to respond and how to report it in those instances.

By educating employees and strategically investing in continuous data protection for continuous availability, organizations can reach a point where they are protected against any disruption — planned or unplanned — and are always on, available and protected 100 percent of the time.

As troubling as these recent attacks on smaller towns are, they also open the door for other cities to take a close look at their own vulnerabilities and leverage different tools and services. If they have the continuous data protection capabilities discussed here, they could recover data files that are critical to their city’s day-to-day functions within seconds.

Criminals rarely provide warning, but in the current news climate it is hard to ignore their existence. We know attacks are increasing, and we know they will continue to evolve. 

However, if the critical infrastructure of cities continues to be targeted, steps need to be taken to prepare for attacks and increase the ability to retrieve the latest data for short- and long-term resilience. This will enable cities to shield themselves from the significant damage and aftereffects that have become the costliest consequences of ransomware events. Attacks will continue to occur, but the ultimate goal is no data loss, no downtime and no interruptions to the organization and its citizens.

dmitriko/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT