https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE 2022
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Commentaries


Image via Unsplash

Article

Responding to ransomware: Questions government business and tech leaders should ask

Responding to ransomware: Questions government business and tech leaders should ask

Answering the following questions can provide insights into how governments, large and small, can protect themselves from insidious ransomware attacks
  • Written by Doug Powers
  • 7th December 2020

When confronted with ransomware attacks that hold government data hostage, public leaders are forced to decide between paying the ransom or being without government services until they can be restored or rebuilt. At a time when COVID-19 requires a government of any size to function at the highest level, ransomware can bring public services related to utilities, law enforcement, and emergency response to a jarring halt.

Though it’s hard to say which city or town might be next, it’s nearly certain that ransomware attacks will continue to target governments around the country. Answering the following questions can provide insights into how governments, large and small, can protect themselves from these insidious attacks.

Questions for government business leaders

Are we prepared?

The first question for senior government leaders is whether you are prepared. Reverse planning can help answer this question. For example, in the event of a ransomware attack, which systems can the city not function without, and are those sufficiently protected? More than physical IT systems, being prepared is also about people. Do you have the right talent in place to thwart a ransomware attack or respond appropriately in the event of one? Do all government employees have the right training to avoid letting ransomware in?

Having an IT recovery back-up system and routinely testing it to confirm it works is also essential. Cyber wargaming exercises have become commonplace within the federal government and the commercial sector. State governments would do well to embrace these leading practices.

If attacked, can we recover, and if so, how long will it take?

The pervasiveness of ransomware attacks is often due to the increasing number of attack surfaces. Every city computer, connected police car, and employee email account are all possible access points through which ransomware can enter. So, while being prepared can potentially stave off and lessen the severity of attacks, there are simply too many entry points to assume confidently that a ransomware attack won’t make its way into a city or town’s network. This makes knowing if and how recovery occurs imperative. Understanding recovery means knowing the likelihood of success and the options available for the best chance of successfully regaining access to encrypted systems and files. It means knowing what systems the city can go without and for how long so that leaders can communicate the effective recovery to stakeholders and citizens. It also means having a decision-making process in place to evaluate whether to pay the ransom.

How do I secure funding for cyber resiliency?

Ensuring the municipality’s systems are properly resilient requires funding: training for staff, back up and security measures that need to be assessed and implemented, cyber insurance, and potentially new systems or support services. One helpful step to securing funding is to ensure budget leaders are properly educated on the risks and challenges of ransomware. Do they know how pervasive it is or how costly it can be to clean up? Partnerships with neighboring counties, cities, or at the state level can also help. While any city or town will have to budget, it’s imperative that the case is made for securing the IT systems necessary for the government to function and provide services.

These three simple questions can be difference makers for protecting governments against ransomware, but they aren’t the only questions that should be asked. Government technology leaders also have questions to ask.


Questions for government technology leaders

Do I know our network?

But really, do you know your network? Do you have a catalog of all endpoints or understand where vulnerabilities exist and why? Do you know which systems are critical, like those for emergency response, or where information is stored and where it is backed up? Do you have the right skills within your team to perform updates and administrative tasks? Knowing your network can keep IT leaders informed of their IT needs; it’s also necessary for answering the next question.

Am I confident of restoring systems from secure backup?

What may seem like a straightforward question may be less so when examined in detail. A city or town has several necessary servers, software tools, back-ups, and other IT systems, all of which may have unique requirements for protection. For example, how you protect and service an air-gapped system backup server is likely different than how you protect other IT systems. Knowing how each system needs to be defended and why is a critical second step. Deciding how to allocate limited resources depends on an honest appraisal of what is required to be confident in your ability to restore from backup.

Do I understand how to respond after an attack?

Firefighters have preplanned responses that manifest as muscle memory in the event of an emergency call. While IT admins may not have sirens to indicate they are responding, their response to a ransomware attack should be muscle memory, nonetheless. Understanding what steps to take quickly can have major implications for how bad a ransomware attack becomes; but in some cases, government leaders don’t have plans in place. The ones that do are often outdated or not specific enough, and they aren’t exercised frequently to create muscle memory.  Setting a plan in place to inform IT leaders and government employees at all levels — and routinely rehearsing it — is necessary to achieve success.

Answering these questions can seem like an academic exercise, but being unable to answer them can put a government at risk. When ransomware strikes, unprepared leaders may feel no other alternative but to pay the ransom, which not only doesn’t guarantee a return of encrypted systems, but our research indicates that it may in fact fuel further ransomware attacks. The only way to break the cycle of ransomware is for governments to be prepared.

 

Doug Powers is a managing director in Deloitte & Touche LLP’s Cyber Risk practice specializing in providing managed security services to help clients protect and defend their Internet of Things (IoT) and operational technology (OT) ecosystems. Contact him at [email protected].

Tags: homepage-featured-3 homepage-featured-4 Smart Cities & Technology Commentaries Article

Most Recent


  • With the digital evolution, equity in accessibility is of utmost importance
    When historians write the history books of tomorrow, they’ll note a sharp divide in the timeline: Pre-pandemic and what came after. This chasm spans industry and locality, impacting just about every aspect of society, such as the way governments interact with constituents in the digital realm. Before stay-at-home orders and mask mandates were issued, residents […]
  • MSPs
    The MSP downstream cyberthreat paradox: Understanding the city and county connection
    Recently the Cybersecurity and Infrastructure Security Agency (CISA) along with the FBI, NSA, and international cyber authorities issued a cybersecurity advisory aimed at protecting managed service providers (MSPs) and their customers. This high-level advisory has been gestating for some time ever since the SolarWinds and Kaseya supply chain cyber-attacks. A software supply chain attack occurs […]
  • As ransomware threat increases, a shift in minimum cyber insurance standards is hardening digital defenses
    In the last decade, the threat of ransomware and other cyberactivity has increased dramatically—more than ever, targeted organizations are paying the criminal perpetrators to have their information restored.  “Over the last year there has been an almost threefold increase in the proportion of victims paying ransoms of $1 million or more: up from 4 percent in 2020 […]
  • EV chargers
    Cities steadily adding more EV chargers for public to use
    Local governments are making headway as they develop their electric vehicle (EV) infrastructure. “Progress varies depending on what stage governments are at in the electrification strategy and funding availability,” says Brandon Branham, assistant city manager and chief technology officer for Peachtree Corners, Ga., which is part of the Atlanta metro. Its 2022 population is estimated […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • North Texas alliance partners with Marketplace.city on smart government solutions
  • Harris County deploys next-generation security in 150 public buildings
  • Prioritizing rapid restore leads to stronger ransomware attack recovery
  • Today’s infrastructure needs greater than roads and bridges - It’s time to face our digital connectiveness

Twitter


AmerCityCounty

Amid digital evolution, equity in accessibility is of utmost importance dlvr.it/SQwZ3b

23rd May 2022
AmerCityCounty

Hand Hygiene: Compliance Matters dlvr.it/SQwL8f

23rd May 2022
AmerCityCounty

What it Takes to Build a Winning Esports Program dlvr.it/SQwJRj

23rd May 2022
AmerCityCounty

Sixth-Largest US School District Saves Over $500,000 by Utilizing a Cooperative dlvr.it/SQwHPv

23rd May 2022
AmerCityCounty

Amid shifting workplace expectations, local government employers must adapt dlvr.it/SQm2RT

20th May 2022
AmerCityCounty

Smart911 emergency profiles provide first responders with more information, faster dlvr.it/SQh9gl

19th May 2022
AmerCityCounty

Minor league baseball is helping cities hit a revitalization home run dlvr.it/SQc5N4

18th May 2022
AmerCityCounty

Sustainable Purchasing Leadership Council can help governments get up to speed on sustainable buys dlvr.it/SQbwqL

18th May 2022

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X