How to Protect Critical Public Safety Data from Ransomware Attacks

Increasingly, government agencies are targeted by ransomware attacks. In 2023, there were 156 ransomware attacks reported against government agencies, making the public sector the third most targeted infrastructure sector that year. 

There are three reasons for the rise in government attacks. Agencies handle sensitive data, they often lack advanced security measures, and the disruption of public services can adversely affect communities.

If emergency response is compromised, lives are at stake. And that’s exactly what cybercriminals are counting on. It’s the same reason healthcare organizations have been targeted more frequently. Hackers want to make organizations choose between paying the ransom to save lives and the risks of refusing to pay. 

The time to protect your agency is now – before an attack occurs. In this article, we will discuss how to protect sensitive data and what to do if your agency is targeted.

The Growing Threat of Ransomware Attacks on Public Safety Agencies

From 2022 to 2023, public sector ransomware attacks increased by roughly 51%. And between 2018 and 2023, the U.S. saw 423 ransomware attacks against government agencies.

As attacks increase, so does the cost. Between 2020 and 2021, the cost of malicious attacks ballooned by 68%. Remember those 423 attacks? They cost $860 million in downtime alone.

Downtime refers to the period of time when systems, networks, or services are unavailable due to malicious software locking or encrypting data. This disruption can halt business operations, leading to significant productivity and financial losses while the agency works to restore access and secure its systems.

Downtime can last a while, adversely affecting the millions of people who rely on government and emergency services. Between 2018 and 2023, the average downtime caused by ransomware was 14 days. And it’s estimated that a single day of downtime costs government agencies $167,798.

You can do the math. According to averages, a ransomware attack could cost your agency $2.3 million in downtime alone.

This begs the question: how secure is your data, and how do you protect it?

Key Strategies for Protecting Sensitive Data

Implement Strong Access Controls

Protecting sensitive data starts with restricting access. Agencies should implement role-based access controls so only authorized personnel can access specific sets of data. This involves using strong authentication methods to verify user identities (i.e. multi-factor authentication).

Update and Monitor Systems

Cybersecurity is a constantly evolving field, and vulnerabilities can be exploited quickly. Regularly updating and patching operating systems and network infrastructure can protect your agency against security holes that could be exploited by attackers.

You may also consider implementing a real-time monitoring system to detect unusual activities or potential breaches. These systems should be supported by a responsive cybersecurity team that can quickly address any security incidents.

Encrypt Sensitive Data

Encryption is a standard practice for protecting data. Thanks to encryption, data is unreadable without the correct decryption keys, even if data is accessed with authorization.

Cloud-based solutions do exactly this – automatically encrypting data both in transit and at rest. They use advanced encryption protocols to ensure sensitive data remains secure against unauthorized access, even if physical security measures fail.

Train Employees

According to a joint study by Stanford University and Tessian, the majority of security breaches (88%) are caused by human error. To combat this, regular training programs should be conducted to educate employees about the latest cybersecurity threats and safe data handling practices. By making personnel aware of phishing schemes and social engineering tactics, you can reduce the risk of inadvertent data leaks.

Implement Cloud-Based Solutions

Cloud-based solutions offer protection against ransomware and security breaches by providing many of the best practices listed above. Keep reading to learn how it can fight against cybersecurity threats.

How Does Ransomware Spread?

Ransomware attacks most commonly occur in one of the following ways:

• Phishing emails containing malicious links or attachments
• Drive-by downloading from compromised websites
• Exploiting vulnerabilities in software and networks 

Once clicked or downloaded, the malware encrypts the victim’s files, demanding a ransom for decryption. Ransomware can also spread across networks, infecting other connected devices and servers, magnifying its impact and making containment and recovery more challenging.

Social engineering tactics may also be used to trick users into enabling macros or granting administrative access, which facilitates the spread and effectiveness of the attack.

Importance of Secure, Cloud-Based Storage and Backup

With secure data storage and backup, public safety agencies can protect (and maintain access to) emergency response plans, personnel records, incident reports and more.

Cloud backups enable quick data recovery in the event of hardware failures, natural disasters or cyber-attacks. That way, public safety operations can continue with minimal interruption. 

Cloud-based solutions also offer protection against ransomware and security breaches by implementing advanced, continuously updated security measures. In addition to automated backups, these platforms typically include cutting-edge encryption, intrusion detection and compliance programs.

Furthermore, many cloud providers deploy extensive monitoring and threat detection systems that identify and mitigate potential security threats in real-time. This proactive approach reduces the risk of ransomware and ensures rapid response to any security incidents.

With the wellbeing of your citizens at stake, your agency cannot afford downtime caused by a security breach or ransomware. With a trusted cloud solution, you can focus more on serving the community and less on managing IT security.

Steps to Take When Responding to a Ransomware Attack

Most importantly, we recommend being proactive and preventative by implementing cloud-based storage and security measures before an attack occurs. But if the worst has already happened, here are several key steps to mitigate damage and restore operations.

The first step is to isolate the affected systems to prevent the spread of the ransomware. This involves taking the network offline (if possible) and disconnecting all devices from the network (infected and non-infected). Power down any devices you can’t disconnect.

Simultaneously, your agency should secure a backup of data that hasn’t been encrypted by the ransomware. Though not always possible, this step is necessary to restore mission-critical information and maintain operations. Before use, verify that these backups are clean and not infected with ransomware themselves.

Next, your agency should try to identify the strain of ransomware to understand its potential weaknesses. Your internal IT specialists or external cybersecurity experts may be able to provide information about decryption tools and strategies for specific ransomware variants.

Following identification, your agency should report the incident to CISA, your local FBI field office, and/or the FBI Internet Crime Complaint Center (IC3). These entities can provide additional support, guidance and resources to aid in recovery.

Finally, the affected agency should begin the recovery process by cleaning infected systems, restoring data from backups, and carefully bringing systems back online. This process should be conducted in stages to ensure systems are clean and secure before being reconnected to the network.

It is generally recommended that government agencies do not comply with ransomware demands. Paying the ransom isn’t guaranteed to restore your data, and it encourages future ransomware attacks. For a more thorough step-by-step process for responding to ransomware attacks, review this valuable CISA resource.

How to Get Started

CentralSquare offers enhanced security of critical, life-saving data protected from hackers and ransomware breaches. As one of our cloud partners, CentralSquare collaborates with Amazon Web Services (AWS) to provide your agency and community with the best in cloud security and reliability.

By moving to a cloud provider, your public safety agency can proactively protect itself against cyberattacks and focus resources on protecting citizens.

If you’d like to talk to someone about how CentralSquare solutions can help your agency (instead of reading more web pages), schedule a discovery call today.