Jun 04 2024
Security

Lodi, Calif., Built a Ransomware Defense Matrix with Multiple Solutions

The California municipality’s IT chief discusses some of his city’s cybersecurity tools.
Adam Stone
by

Adam Stone writes on technology trends from Annapolis, Md., with a focus on government IT, military and first-responder technologies.

In Lodi, Calif., a ransomware attack served as a wake-up call to city IT leaders.

It looked like nothing at first. “We thought it was something routine, that the system had stopped, and we needed to reboot it,” says IT Manager Benjamin Buecher. Then a technician found a ransomware letter in the system. “We immediately went into defensive mode.”

Existing tools helped minimize the damage, but Buecher determined that a more vigorous defense was needed going forward. “We had to rethink our security posture. We weren’t just little old Lodi, stuck in the middle of California, anymore. We were actually a target,” he says.

For Lodi’s IT office and other government agencies, a matrix of defensive tools is proving key to ensuring security in the face of rising ransomware attacks. Those tools include backup and recovery, robust firewall and intrusion detection solutions, and end-user training and testing.

Click the banner below to see how cyber resilience mitigates ransomware.

x-cyberresillience4-static-2024-na-desktop x-cyberresillience4-static-2024-na-mobile

 

“To defend against ransomware, organizations must adopt a comprehensive, layered approach to cybersecurity, encompassing people, technology and processes,” says IEEE Senior Member Kayne McGladrey.

In addition to identifying suspicious emails, “technologies such as anti-virus software, endpoint detection and response systems, automated patching, threat intelligence feeds, and encrypted offline backups further mitigate the risk of ransomware,” he says.

Agencies Lean Into Robust Backup and Delivery

With bad actors able to lock up systems and data, Buecher realized that powerful backups are essential.

As Buecher shopped the options, Rubrik Cloud Data Management rose to the top. With its cloud backups, Rubrik’s solution “was taking us away from the norm, the traditional standards that everybody else was still using,” he says. “That was going to give us an edge against any future attacks.”

In Butte County, Calif., a medium-sized county of 210,000 people, Director of Information Systems Paul LaValley likewise leverages Rubrik to keep his data safe and accessible.

WATCH: Lodi, Calif.’s IT manager discusses ransomware recovery.

Formerly CIO for Yuba County, Calif., LaValley says, “We used Rubrik as a key tool to help us recover from a ransomware event.” With critical server infrastructure backed up, “we recovered relatively quickly and without having to pay a ransom, which is a really significant thing.”

At Butte County, he put the same solution in place. “We use Rubrik as part of our data protection and service recovery systems,” he says. “It is a very critical tool when you need it.”

Cyber Resilience Sidebar

Related Content:

Learn how backup solutions help state and local agencies combat ransomware.

Dive deeper on the progress state and local governments are making against ransomware.

Explore firewalls that provide powerful security advantages.

 

How Powerful Firewall Controls Support Agency Security

For Buecher, backups are just part of the solution. He’s also leveraging modern tools to make the network itself more resilient in the face of ransomware threats.

As part of the city’s security revamp, “we got away from our traditional firewalls,” Buecher says. Today he leans on Palo Alto Networks.

“With their software-defined networking solutions in their firewalls, Palo Alto gives us more granular control over what’s actually coming and going through this firewall. It also helps us monitor and get better insights into what is actually being used,” he says.

He also utilizes Cortex, an AI-based tool from Palo Alto that monitors the behavioral aspects of the network.

As files come into the system, “we can look for the behavioral patterns of those files after they hit our network, isolate them immediately on whatever machine they hit, and then go in and fix or take that machine offline if we need to,” he says.

Buecher says that IT leaders should take a hard look at their data stores in order to make a case for needed expenditures.

“You have to put a dollar amount on that data. How much is that worth to you?” he says. “As soon as you put a value on your data, that becomes your selling point to whoever you need to convince.”

LEARN MORE: State and local agencies can fight back against ransomware.

Agencies Prevent Ransomware Through Training and Testing Users

Most ransomware exploits launch via phishing and other user-targeted attacks. That means it’s critical to address not just technological solutions but also the people piece of the cyber puzzle.

To that end, Lodi partners with KnowBe4, leveraging its cybersecurity educational software system to ensure users are on guard against attacks. Employees have been training with the platform for three years, and KnowBe4 also conducts phishing tests, sending fake emails to everybody in the organization. The regular testing “is one of those things that everyone looks forward to on a monthly basis,” Buecher says.

The system generates a fake phishing email, “and then we’re able to track who opens it, who clicks on the link,” he says. He’s turned it into a game among the executive team and the directors, who wait eagerly to see how well their employees perform. “It’s even better when a director actually clicks on something and gets caught.”

The training and testing through KnowBe4 has helped everyone realize that “we’re all doing this together,” he says. “It’s not strictly an IT function anymore to protect our organization.”

At the Indiana Information Sharing and Analysis Center, part of the Indiana Office of Technology, Executive Director Tad Stahl also gives KnowBe4 high marks.

“KnowBe4 has a very deep library of training modules, and we are fortunate here to have executive support that allows us to do a training every month. We try to keep that between seven and 12 minutes, and it allows us to keep pertinent training issues top of mind for our workforce,” he says.

“We also run the phishing tool on a quarterly basis to measure performance, and then on an ad hoc basis to help those who need additional training,” he says.

Stahl adds, “KnowBe4’s library may have 20 or 25 modules on phishing, and we will try to run those frequently, at least twice a year. And then we sprinkle in other topics around password security and general social engineering threats. We’ll give them something different every time.”

Root Causes of Ransomware Attacks

For The State of Ransomware in State and Local Government 2023, Sophos surveyed 225 state and local government respondents to discover how ransomware attacked their organizations.

  • 38% Exploited vulnerability
  • 30% Compromised credentials
  • 14% Phishing
  • 11% Malicious email
  • 5% Brute force attack
  • 1% Download
Jumpeestudio/Getty Images

More On

Related Articles

Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.

Click to See the Report