Why take the whole-of-state approach to ransomware protection and remediation
COMMENTARY | Using the best cybersecurity policies and data protection technology in a statewide framework allows local agencies to say no to any ransom demands, confident that their data is securely backed up and easily accessible.
The rise of ransomware attacks severely threatens state and local governments. Cities and local jurisdictions, already limited by staff and budget shortages, face an uphill battle against ransomware, especially when they have to go it alone.
By adopting a whole-of-state approach, state leaders can share resources and knowledge with local, tribal and territorial leaders to create a trusted partnership and ensure jurisdictions have the necessary tools to implement proper security measures. Local governments can better counter ransomware and other attacks when they can tap into larger IT budgets, leverage staff and expertise from the state and share data and threat analysis. This approach breaks down silos and enables real-time collaboration, making states, cities and counties more resilient.
The governor of New York formed a Joint Security Operations Center to serve as the nerve center for local, state and federal cyber efforts, which includes data collection, response efforts and information sharing. And Colorado, Virginia and North Carolina have also created intergovernmental commissions integrating CIOs and local officials to help with security policy.
This cooperative, whole-of-state approach enables states, cities and counties to drive operational efficiency and increase cybersecurity postures. Providing local governments with access to protection and remediation solutions allows them to punch above their weight in the fight against ransomware.
How data security aligns with whole of state
Threat actors can bypass government protection systems to avoid detection, leave backdoors in backups and launch an initial attack via email, a malicious link or social engineering. They have developed sophisticated processes and infrastructure geared toward exploiting gaps in municipal and county systems. For example, earlier this year, an attack on Oakland, California, resulted in network outages to the city’s systems prompting the declaration of a state of emergency. This impacted many city systems, which remained inaccessible while departments worked to safely provide services to the public. Time to restore in these instances is crucial, and every day that systems aren't online that means critical services are unavailable, causing disruption, lost revenue and subpar support to citizens.
To combat ransomware, jurisdictions must be able to rapidly restore from a data backup or archive. A multilayered data protection architecture should be the centerpiece of a whole-of-state framework. True multitenancy, secure data backup and rapid restoration dramatically increases the survivability of an organization. Using data security techniques like immutability, isolation, multiperson authorization, clean room operations and rapid granular or at-scale recovery ensures a clean, untampered data backup that can be easily and quickly restored. It prepares states, counties and cities to protect themselves against attacks and allows them to quickly recover their data confidently and without paying a ransom. Additionally, a single-platform technology with a single user interface offers flexibility in data storage and multitenancy for multiple jurisdiction backups and data sources on the same platform.
A multilayered data security architecture aligns with this holistic approach. Engineered with the right technologies, it can discover sensitive data and identify who can access it. It can also effectively capitalize on artificial intelligence to detect anomalies that indicate suspicious behavior, allowing IT security teams to contain an attack’s blast radius before extensive damage is done.
Before anyone pays the ransom … or tries a point restore
A whole-of-state approach makes it easier for all stakeholders to come together before ransomware or malware strikes to share knowledge and expertise to prevent it. In addition, as the risk of ransomware attacks continues to grow, using the best cybersecurity policies and data protection technology in a statewide framework allows local agencies to say no to any ransom demands, confident that their data is securely backed up and easily accessible.
In conclusion, the whole-of-state approach is essential for protecting local governments against ransomware. By pooling resources and knowledge, using multilayered data protection architecture and technology and promoting collaboration between state, local, tribal and territorial leaders, governments can be better equipped to prevent and remediate ransomware attacks.
Ron Nixon is the Public Sector CISO at Cohesity.