
Sep 10 2024
Security

Backup and Recovery Systems Augment Government Cyber Resilience

State and local officials orchestrate multiple levels of defense for ransomware and other threats.

For William Mann, CISO of West Chester, Pa., a borough 25 miles west of Philadelphia, phishing messages remain a big challenge. In fact, although automated solutions block 85% to 90% of the threats, 1 out of 10 phishing messages still lands in employees’ inboxes, Mann says.

Mann recalls a phishing email in late July that was sent to 34 employees, asking them to enter their Microsoft 365 credentials. After receiving several help desk tickets, he was able to remediate the problem using the department’s Barracuda Networks dashboard.

“This demonstrates the importance of educating staff, because often they are the first ones to see phishing messages,” Mann says. “Barracuda’s security awareness training plays a big part here.”

Should a phishing attack succeed, Mann will rely on Barracuda and other solutions to recover any compromised data. Cyber resilience means investing in robust cybersecurity services that fit the budget, along with advanced threat protection solutions, disaster recovery and cybersecurity awareness training.

“All of these things combined can keep the local government moving along,” he says.


Automated data backup can help put agencies at ease, says Matt Kimball, vice president and principal analyst at Moor Insights & Strategy.

“You, as the CISO, can sleep a lot more comfortably knowing that you've deployed into one of these storage environments,” Kimball says. “You understand that your data resides somewhere else, and even though someone got a copy of it, you have the cleanest, most pristine copy, and you can restore your environment very quickly.”

“I see hybrid, multicloud as the optimal deployment model for backup and recovery,” he says. “Leverage the cloud as much as possible, but be sure you have a plan to support your most critical functions if, for some reason, the cloud isn’t there.”

A Mix of Backup Services Offers Layered Redundancy

During his 38 years working for the borough of West Chester, Mann has seen the backup strategy evolve from tape to DVD, then to on-premises storage and finally to the cloud. Backup solutions are particularly important as state and local governments contend with the growing threat of ransomware.

“A lot of these ransomware attacks, they sit there like a time bomb on your network for 91 days,” Mann says. “They're trying to get beyond your last backup.”

To address phishing problems, Mann circulates the Cybersecurity Daily, two- to five-minute videos for borough employees to educate them on cyberthreats. There’s also a weekly newsletter called Cybersecurity Friday.


To maintain cyber resilience, West Chester relies on a three-tier backup system: Barracuda’s cloud backup service, Microsoft 365 and Datto’s business continuity and disaster recovery platform.

“If Microsoft has a problem, we can rely on Barracuda; if Barracuda has a problem, we can rely on Datto if there's a failure or a compromise,” Mann says. “So, it really does give us confidence in maintaining services.”

Barracuda’s advanced threat protection acts as a shield to safeguard government email from hackers. Barracuda allows West Chester to pull back messages from an inbox and to see who interacted with a message and on what device, Mann explains.


How far back a state or local government’s backups reach is a critical retention consideration during a cyber incident.

“When you talk about recovering from a cyberthreat, if you can go back six months or a year, that's huge,” Mann says. “Although you still are losing the data in the middle, it's better than losing everything or losing your systems.”

Even with a retention window, however, an organization will still experience data loss. Organizations should weigh the retention limits in their backup and recovery tools with recovery from a cyberattack in mind, rather than wiping out email after a 90-day limit, Mann says.

Multiple Levels of Recovery Facilitate Constant Readiness

Like West Chester, the state of Missouri maintains cyber resilience by using more than one data recovery and backup solution. The state ensures that data can be recovered from multiple moments in time, without gaps.

“Cyber resilience really means having a plan and preparing on all fronts to protect, react and be ahead of it before you're actually hit,” says Missouri CTO Kevin McCarthy. “We really tried to have multiple facets and multiple stages on all levels to protect against cyberattacks.”

Since 2023, Missouri has used Cohesity to protect government data on many levels and to air gap copies of data for safekeeping, McCarthy says.

75%: The percentage of state and local government organizations that used backups to restore data following a ransomware attack (Source: Sophos, “The State of Ransomware in State and Local Government 2023,” July 2023)

His team protects email, core IT and child welfare data, among others. Cyber resilience means not relying on a single resource for backups, he says, but combining backup and recovery with virtualization, storage snapshots and replication.

“Whether it’s internal or external, inside or outside, whether it's malware, ransomware or AI-driven, there are so many possibilities that if we're trying to provide one solution to fit the bill for everything, we are missing a mark on what we really need to be doing,” McCarthy says.

Cohesity saves the state money by offering multiple capabilities in one platform, including compute, storage and backup.

“We've made a large investment in our people and training and putting in the best solutions we can to be cyber resilient and protect our data from these types of incidents, while also having multiple routes and possibilities to react in those cases,” McCarthy says. “Because none of these situations are ever orchestrated the same way.”

Pursuing Immutable Backup

For New Orleans CIO Kim Walker LaGrue, cyber resilience means the city can maintain continuity of services for its citizens, whether it’s recovering from a cyberattack or a hurricane.

“For any type of interruption, cyber resilience means that the city continues to deliver those services in the most critical situations and in the most routine situations,” LaGrue says. “Whether it is information about crime or geospatial data about where events are happening in the city, that type of information is critically important to delivering city services effectively.”

In December 2019, New Orleans suffered a ransomware attack, and all technology services went offline. The city did not pay the ransom.

“We understood the imminent threat to the city's environment,” LaGrue says. “We had made that decision and really braced ourselves for an attack, had a good backup strategy and made sure that we were regularly backing up our data.”


The New Orleans IT team had to disconnect all systems from the internet, so all city technology operations were shut down.

“We were looking to migrate to something that would allow us to simplify our storage environment, remove some of the complexities and introduce flash storage in a more cost-effective manner,” LaGrue says. “We wanted to get more value for what we were paying at the time.”

To recover from the cyberattack, New Orleans assessed the data it had at rest, inspected it and moved it to clean storage. Next, it brought the backups online. Three or four days after the attack, the city signed up with Pure Storage to gain faster storage and immutable backups.

New Orleans also integrates backup and recovery tools from multiple vendors. Veeam worked with Pure Storage as a complete solution to help the city bring services back online after the ransomware attack. During this process, setting up immutable backups and a secondary data center were key. 

“Pure Storage also allowed us to set up replication in our offsite data center, which gave us a better opportunity to recover quickly, should we face another disaster or unexpected interruption to our business. That, along with immutable backups, let us begin a recovery process and feel comfortable about the backup strategy that we had,” LaGrue says.

Photography by Colin Lenton