Strategic Defence: Preventing Ransomware in Local Government

Copy of DR Plan.png

Ransomware is an equal opportunity threat. We hear every day of new and debilitating attacks against businesses of all sizes and across all sectors, including local government. 

A quick scan of the news shows how ransomware devastates local councils. In October 2020, London's Hackney Borough Council was hit by a ransomware attack and the stolen documents were published online. A cabinet member reported that the attack affected important services, including the ability of the council to process land search requests for property buyers. The residents weren’t too pleased—it’s reported that many complained (on social media) about how the attack ended up costing them money and, in some cases, derailed house purchases. In another incident, Redcar and Cleveland Borough Council was hit by a ransomware attack in February 2020 that cost it more than £10 million.

Across the pond, the New York Times recently reported on a devastating series of 26 recent ransomware attacks against U.S. government agencies in the last year; the latest target was the data of the Washington DC Police Department.

The question to be asking right now is: How can your organisation—whether a small business or a local council—best protect against the pervasive and growing threat of ransomware? Read on..

The Rise in Ransomware Attacks on Local Government

As a refresher, ransomware is a type of malware in which an attacker may access your data, alter credentials, encrypt files and demand a ransom to restore access. Ransomware can be delivered via phishing emails, business apps, social media and advertising links. 

Let’s set the scene a bit further. In 2020, local governments were the most likely target for ransomware attacks. Just two years ago, almost no local government paid the ransom to retrieve data or thwart the attack. This all changed last year, when 15% of local council targets made ransomware payments, each with an average payment of £1.26 million! 

So why is local government being attacked? The short answer is, because it can be. Many local councils or government agencies lack proper security and are simply unprepared. Hackers know this and they intentionally target and exploit the weak security posture of these councils, finding various ways to infiltrate networks, systems and data. Cybercriminals see government agencies as low-hanging fruit compared to other corporations and large banks with robust security practices in place.

Because of the critical services provided, local government may also find itself in the precarious situation where it has no choice but to resolve operational crises as quickly as possible (such as paying a ransom) to keep things up and running with minimal downtime. Complicating the situation is that attackers are no longer focused on just locking users out of their data, but often threaten (or do) post stolen information online. Other factors have only increased this risk, including the rapid work transformation brought about by the COVID-19 pandemic and the fact that more governments are paying ransoms than ever before. All contribute to an increasing number of attacks. 

So, what can you do about it? Here, we share three recommendations for enhanced security to prevent ransomware attacks on your business or government.

Simplify and Secure your Infrastructure

Today's technology infrastructures are pretty convoluted, including local government systems. It’s common for organisations and councils to entrust their cybersecurity to a mishmash of applications and solutions that are spread across disparate networks, including on-premise and in the cloud. At the same time, we see cybercriminals targeting a wider range of attack vectors, from email to network. 

One of the best things you can do is simplify your security. A trusted, single vendor can work with your office to deliver integrated protection against ransomware that is robust and responsive to fast-evolving threats. At Optec, for example, we partner with Fortinet to offer you the Fortinet Security Fabric for simple yet comprehensive protection against ransomware and other serious threats. Fortinet Security Fabric spans the extended digital attack surface to protect everything you need to serve your constituents—including your devices, data and applications.

By consolidating your security into a handful of easy-to-manage solutions spanning network, cloud and endpoint security, you can simplify, centralise and strengthen your overall security posture.

Ensure Resilience and Disaster Recovery

Another recommendation is to adopt a “not if but when” mentality when it comes to the security of your government or business technology environment. In the event the worst does happen, how will you recover and resume operations? Without a robust resilience and disaster recovery plan in place, you can lose precious time restoring critical services. 

To ensure minimal service disruption, a best practice is to include business resilience and disaster recovery plans in your overall security posture, in tandem with your ransomware protection strategy. Seek disaster recovery solutions that include instant recovery to accelerate your return to “business as usual” as quickly as possible. For more, please see this previous post on the key elements of a disaster recovery plan.

Defend your Backups

A disaster recovery plan should also include a backup solution. What assets and information are critical, and how will you back this data up now to ensure you can access it later, following a ransomware attack? However, while backups are key in the fight against ransomware, they too can also be hacked. It’s one reason why the National Cyber Security Centre recently updated its guidance to emphasise offline backups as a ransomware defence.

Whether online or offline, the solution is to choose a backup solution that's immutable, meaning that your backup files can't be encrypted or deleted by ransomware. At Optec, we partner with Assured Data Protection to provide a range of comprehensive data backup and recovery solutions that are fully immutable. Here’s a bit more:

  • Backup-as-a-Service (BaaS): A BaaS strategy leverages the expertise of a third party to manage the backing up of your essential data. Perhaps your local council has limited staff time or resources. Partnering with the right vendor can reduce these time and budgetary constraints. It’s a modern alternative to an in-house backup plan.

  • Disaster-Recovery-as-a-Service (DRaaS): In the event of a significant IT failure, your servers, applications and data can be brought online rapidly allowing your council to continue operating with minimum disruption. DRaasS takes our BaaS solution one step further by replicating all critical information to an offsite or protected disaster recovery location.

Are you Ready for Ransomware?

We hope this post helps you better understand the state of ransomware in local government. To reiterate the threat: last year, municipal governments were the target of 45% of ransomware attacks, far more than the next two oft-targeted sectors of healthcare (22% of ransomware attacks) and education (15% of ransomware attacks). 

All attacks are equally unwelcome, but, because local governments provide such critical services, your technology environment must be especially prepared to deal with the reality of today’s world. From streamlining your security to establishing a robust disaster recovery strategy to ensuring the best in backups, now is the time to invest in cybersecurity. 

Optec is here to help. To learn more about Fortinet Security Fabric, disaster recovery solutions, or Assured Data Protection, or simply to have a conversation about the state of things, please get in touch with our team at Optec today.

 

Want the latest news from Optec? Be sure to be sure to follow us on LinkedIn and Twitter.


Related posts

Previous
Previous

What Is the Right XDR Solution for Your Organisation?

Next
Next

Why Disaster Planning Matters & How to Create an Effective Recovery Plan