SANTA MONICA, Calif. – September 26, 2019 – More than 200 city, county, and state governments have reported ransomware attacks in recent years – and attacks in 2019 are outpacing 2018. The impact of a cyberattack on a small government is large: interruption in critical public services, destruction and exposure of data, lost revenue, lost productivity, replacement costs of computer systems, legal liability, reputational damage, and more.
Because local governments typically have limited resources and limited IT infrastructures, they are extremely vulnerable to cyberattack. Data protection experts at Aparavi®, a Gartner Cool Vendor in the multi-cloud data management space, offered the following information for government IT professionals concerned about ransomware attacks:
According to a recent study nearly two-thirds of ransomware attacks are directed at governments and their agencies or departments. Victims range from small (Garfield County, Utah; population 5,172) to large (Baltimore, Maryland; population 2.8 million). Everything may be currently fine, knock wood, but take action today so it will continue to be fine tomorrow.
A ransomware attack is potentially life-threatening. A cyberattack impacting vital public services such as police/fire dispatch can mean loss of lives. If water, power, or transit systems get hit, residents are deeply affected, perhaps injuriously so. Senior citizens and children will suffer from failure to deliver the health and human services they depend on. Even interruptions in less critical services like licensing and permits can be extremely detrimental to the community.
Government budget processes, understandably, tend to address immediate needs and table decisions about future needs until the next cycle. Finance committees and public officials must be made to see ransomware as an imminent threat in order to understand the urgency of the funding request. If government coffers are too small to afford cyber-defense, they are too small to recover from an attack – which can cost hundreds of thousands to millions of dollars.
If a government is unable to collect taxes, fees, and fines, or process payments for utilities, it is consequently unable to support and maintain the city or pay staff. On top of the hard costs of replacing IT systems, lost or delayed revenues can cause an ongoing financial crisis.
Data that includes an individual’s name, home address, social security number, email address, or other Personally Identifiable Information (PII) is highly confidential, and highly attractive to a cybercriminal. Most data collected about residents, such as property tax, utility accounts, and criminal records, is PII. Government employee data is also PII. Failing to secure PII is especially irresponsible, and incurs possible penalties, if it’s compromised or breached.
Effective backup, security, and storage strategies will depend on the importance of the data, the retention goals, and the budget. At a minimum, move critical and sensitive files to encrypted at-rest storage, and replicate immutable copies to a second offsite location such as a cloud service. Governments should use a data protection Software-as-a-Service (SaaS) that sends a monthly bill based on usage – just like homeowners pay for their utilities. The “pay-as-you-go” model of SaaS products can be very affordable, and there’s no large up-front expenditure.
Attackers love hitting local governments for one reason: they tend to pay ransoms. However, most security experts say you shouldn’t. Paying a ransom does not guarantee a cybercriminal will restore your data; in fact it can trigger additional demands for more money. Even if you do get the data back, the cost and damage is often extensive, and resuming operations can still take weeks. Send a message that crime doesn’t pay, and send a message to taxpayers that their government doesn’t negotiate with cyberterrorists.
“It’s difficult for cash-strapped local governments to allocate funds for a potential threat when there are real-world budget needs right now, but this puts the government, and the public, at great risk,” said Darryl Richardson, Chief Product Evangelist at Aparavi. “This lack of preparation can cost a government a hundred times more than the price of protecting the data appropriately in the first place.”
For additional information and tips please visit our post on how to prevent ransomware attacks.
Aparavi’s SaaS solution delivers intelligent multi-cloud data management to organizations grappling with large volumes of unstructured data. Keep your data. Just do it better. For more information visit https://www.aparavi.com