Why take the whole-of-state approach to ransomware protection and remediation

John M Lund Photography Inc/Getty Images

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Ron Nixon,
Public Sector CISO, Cohesity
 

Connecting state and local government leaders

By Ron Nixon

|

COMMENTARY | Using the best cybersecurity policies and data protection technology in a statewide framework allows local agencies to say no to any ransom demands, confident that their data is securely backed up and easily accessible.

The rise of ransomware attacks severely threatens state and local governments. Cities and local jurisdictions, already limited by staff and budget shortages, face an uphill battle against ransomware, especially when they have to go it alone. 

By adopting a whole-of-state approach, state leaders can share resources and knowledge with local, tribal and territorial leaders to create a trusted partnership and ensure jurisdictions have the necessary tools to implement proper security measures. Local governments can better counter ransomware and other attacks when they can tap into larger IT budgets, leverage staff and expertise from the state and share data and threat analysis. This approach breaks down silos and enables real-time collaboration, making states, cities and counties more resilient. 

The governor of New York formed a Joint Security Operations Center to serve as the nerve center for local, state and federal cyber efforts, which includes data collection, response efforts and information sharing. And Colorado, Virginia and North Carolina have also created intergovernmental commissions integrating CIOs and local officials to help with security policy. 

This cooperative, whole-of-state approach enables states, cities and counties to drive operational efficiency and increase cybersecurity postures. Providing local governments with access to protection and remediation solutions allows them to punch above their weight in the fight against ransomware. 

How data security aligns with whole of state

Threat actors can bypass government protection systems to avoid detection, leave backdoors in backups and launch an initial attack via email, a malicious link or social engineering. They have developed sophisticated processes and infrastructure geared toward exploiting gaps in municipal and county systems. For example, earlier this year, an attack on Oakland, California, resulted in network outages to the city’s systems prompting the declaration of a state of emergency. This impacted many city systems, which remained inaccessible while departments worked to safely provide services to the public. Time to restore in these instances is crucial, and every day that systems aren't online that means critical services are unavailable, causing disruption, lost revenue and subpar support to citizens.

To combat ransomware, jurisdictions must be able to rapidly restore from a data backup or archive. A multilayered data protection architecture should be the centerpiece of a whole-of-state framework. True multitenancy, secure data backup and rapid restoration dramatically increases the survivability of an organization. Using data security techniques like immutability, isolation, multiperson authorization, clean room operations and rapid granular or at-scale recovery ensures a clean, untampered data backup that can be easily and quickly restored. It prepares states, counties and cities to protect themselves against attacks and allows them to quickly recover their data confidently and without paying a ransom. Additionally, a single-platform technology with a single user interface offers flexibility in data storage and multitenancy for multiple jurisdiction backups and data sources on the same platform.

A multilayered data security architecture aligns with this holistic approach. Engineered with the right technologies, it can discover sensitive data and identify who can access it. It can also effectively capitalize on artificial intelligence to detect anomalies that indicate suspicious behavior, allowing IT security teams to contain an attack’s blast radius before extensive damage is done. 

Before anyone pays the ransom … or tries a point restore

A whole-of-state approach makes it easier for all stakeholders to come together before ransomware or malware strikes to share knowledge and expertise to prevent it. In addition, as the risk of ransomware attacks continues to grow, using the best cybersecurity policies and data protection technology in a statewide framework allows local agencies to say no to any ransom demands, confident that their data is securely backed up and easily accessible.

In conclusion, the whole-of-state approach is essential for protecting local governments against ransomware. By pooling resources and knowledge, using multilayered data protection architecture and technology and promoting collaboration between state, local, tribal and territorial leaders, governments can be better equipped to prevent and remediate ransomware attacks.

Ron Nixon is the Public Sector CISO at Cohesity.

NEXT STORY: How government can build secure and frictionless digital identity programs

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.