Jun 04 2024
Security

Lodi, Calif., Built a Ransomware Defense Matrix with Multiple Solutions

The California municipality’s IT chief discusses some of his city’s cybersecurity tools.

In Lodi, Calif., a ransomware attack served as a wake-up call to city IT leaders.

It looked like nothing at first. “We thought it was something routine, that the system had stopped, and we needed to reboot it,” says IT Manager Benjamin Buecher. Then a technician found a ransomware letter in the system. “We immediately went into defensive mode.”

Existing tools helped minimize the damage, but Buecher determined that a more robust defense was needed going forward. “We had to rethink our security posture. We weren’t just little old Lodi, stuck in the middle of California, anymore. We were actually a target,” he says.

For Lodi’s IT office and other government agencies, a matrix of defensive tools is proving key to ensuring security in the face of rising ransomware attacks. Those tools include backup and recovery, robust firewall and intrusion detection solutions, and end-user training and testing.

Click the banner below to see how cyber resilience mitigates ransomware.

 

“To defend against ransomware, organizations must adopt a comprehensive, layered approach to cybersecurity, encompassing people, technology and processes,” says IEEE Senior Member Kayne McGladrey.

In addition to identifying suspicious emails, “technologies such as anti-virus software, endpoint detection and response systems, automated patching, threat intelligence feeds, and encrypted offline backups further mitigate the risk of ransomware,” he says.

Agencies Lean Into Robust Backup and Delivery

With bad actors able to lock up systems and data, Buecher realized that robust backups are essential.

As Buecher shopped the options, Rubrik Cloud Data Management rose to the top. With its cloud backups, Rubrik’s solution “was taking us away from the norm, the traditional standards that everybody else was still using,” he says. “That was going to give us an edge against any future attacks.”

In Butte County, Calif., a medium-sized county of 210,000 people, Director of Information Systems Paul LaValley likewise leverages Rubrik to keep his data safe and accessible.

WATCH: Lodi, Calif.’s IT manager discusses ransomware recovery.

Formerly CIO for Yuba County, Calif., LaValley says, “We used Rubrik as a key tool to help us recover from a ransomware event.” With critical server infrastructure backed up, “we recovered relatively quickly and without having to pay a ransom, which is a really significant thing.”

At Butte County, he put the same solution in place. “We use Rubrik as part of our data protection tool and service recovery tools,” he says. “It is a critical tool when you need it.”

Cyber Resilience Sidebar

 

How Powerful Firewall Controls Support Agency Security

For Buecher, backups are just part of the solution. He’s also leveraging modern tools to make the network itself more resilient in the face of ransomware threats.

As part of the city’s security revamp, “we got away from was our traditional firewalls,” Buecher says. Today he leans on Palo Alto Networks.

“With their software-defined networking solutions in their firewalls, Palo Alto gives us more granular control over what’s actually coming and going through this firewall. It also helps us monitor and get better insights into what is actually being used,” he says.

He also utilizes Cortex, an AI-based tool from Palo Alto that monitors the behavioral aspects of the network.

As files come into the system, “we can look for the behavioral patterns of those files after they hit our network, and isolate them immediately on whatever machine they hit, and then go in and fix or take that machine offline if we need to,” he says.

Buecher says that IT leaders should take a hard look at their data stores in order to make a case for needed expenditures.

“You have to put a dollar amount on that data. How much is that worth to you?” he says. “As soon as you put a value on your data, that becomes your selling point to whoever you need to convince.”

LEARN MORE: State and local agencies can fight back against ransomware.

Agencies Prevent Ransomware Through Training and Testing Users

Most ransomware exploits launch via phishing and other user-targeted attacks. That means it’s critical to address not just technological solutions but also the people piece of the cyber puzzle.

To that end, Lodi partners with KnowBe4, leveraging its cybersecurity educational software system to ensure users are on guard against attacks. Employees have been training with KnowBe4 for three years, and KnowBe4 also conducts phishing tests, sending fakes email out to everybody in the organization. The regular testing “is one of those things that everyone looks forward to on a monthly basis,” Buecher says.

The system generates fake a phishing email, “and then we’re able to track who opens it, who clicks on the link,” he says. He’s turned it into a game among the executive team and the directors, who wait eagerly to see how well their teams perform. “It’s even better when a director actually clicks on something and gets caught.”

The training and testing through KnowBe4 has helped everyone realize that “we’re all doing this together,” he says. “It’s not strictly an IT function anymore to protect our organization.”

At the Indiana Information Sharing and Analysis Center, part of the Indiana Office of Technology, Executive Director Tad Stahl also gives KnowBe4 high marks.

“KnowBe4 has a very deep library of training modules, and we are fortunate here to have executive support that allows us to do a training every month. We try to keep that between seven and 12 minutes, and it allows us to keep pertinent training issues top of mind for our workforce,” he says.

“We also run the phishing tool on a quarterly basis to measure performance, and then on an ad hoc basis to help those that need additional training,” he says.

Stahl adds, “KnowBe4’s library may have 20 or 25 modules on phishing, and we will try to run those frequently, at least twice a year. And then we sprinkle in other topics around password security and general social engineering threats. We’ll give them something different every time.”

Jumpeestudio/Getty Images
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.