May 15 2024

Ransomware Attackers Seek Payday Through Disruption of Operations

State and local governments, which strive to keep services from going down, remain a favorite target of bad actors.

In 2019, the city of Lodi, Calif., was hit by ransomware attacks, which prompted CIO Benjamin Buecher to upgrade the city’s defenses.

“A few years back, we were hit by three attacks in three months by the same ransomware,” Buecher says in a Rubrik case study. “The attack significantly impacted our municipal services. Our objective was to prioritize the recovery process to get critical services back up as soon as possible. However, after the second attack, our CAD dispatch service went down. It took our CAD vendor at the time four days to get us 100 percent back up and running.”

CDW Solution Architect Eric Marchewitz says local governments remain a popular target of ransomware because a successful attack can have dramatic effects.

“Often, the bad actors attack state and local governments with ransomware because they have services that need to be kept up and running, like the police and fire departments,” Marchewitz says. “Municipalities may have systems such as water and power that can go down.”

Thus, bad actors may be able to get money very quickly from governments eager to restore services after a disruption.


Protect Against Phishing and Other Attack Vectors

“We were pretty sure that we actually got infected by someone opening up their personal email,” Buecher says.

Phishing remains a top vector for ransomware attacks, Marchewitz says.

“Everyone’s got a firewall, everyone’s got some sort of anti-virus, but these advanced phishing campaigns are extremely effective now. So, getting those basics in place is extremely important,” he says.

State and local governments must plan for business continuity and adopt a continuity of operations plan, Marchewitz says.

“All the tools in the world, without a proper plan, are not going to deliver the results. The threats are getting worse, and artificial intelligence is making it easier and easier. The most elite hackers in the world used to be the ones to do ransomware. Now, it’s moving down the stack to really anyone within the community and a whole host of bad actors that we have to concern ourselves with around the world,” he says.

Marchewitz advises agencies to adopt a plan and conduct security assessments of their government IT environment to identify vulnerabilities and protect their networks against ransomware.



Establish Standard Operating Procedures and Acquire Cyber Insurance

Marchewitz advises state and local governments to finalize their standard operating procedures.

“Standard operating procedures are something that most people don’t think about until after the fact. They encompass everything from how roles and access are defined to what to do when there’s an incident and there’s a breach,” he says.

Established procedures provide governments with an “action plan.” Officials may consider developing procedures with generative AI tools like ChatGPT, he says.

“It is a great time for people who want to add additional structure because we’re actually seeing the ability for AI to generate these things for us. Really, one of the first things is to get your house in order on what your processes for security are and what the roles are and what happens if there is an incident,” Marchewitz says.

Governments also should conduct reviews of their cyber insurance to ensure they are covered for specific incidents, he says.

“As things get more intense, we’re going to see a lot of exclusions, a lot of ways to deny claims,” Marchewitz says. “You don’t want to get stuck as a municipality holding the bag when the insurance company told you to go ahead and use the most expensive firm to do your remediation work.”
