City of Baltimore Ransomware Attack: What Should We Learn?

Lately, it seems like reports of cyberattacks are as common a staple of evening news reports as traffic updates and 5-day forecasts. Despite that, we see many organizations that continue to lack the appropriate technology and procedures to reduce their risk of becoming a victim of cyber criminals.

We understand why: business owners and top executives face a long list of demands on their time. It is hard to move cyber defense up the to-do list and give it the time that it requires to be done right. However, the scale of this threat to an organization is often much greater than some of the responsibilities and tasks that are prioritized ahead of it.

Take the recent attack on the city of Baltimore as one example of the risks of that approach. The city’s budget office estimated that a recent ransomware attack on city computers will cost at least $18.2 million. The unfortunate reality is that some cyberattacks are nearly impossible to prevent. However, far too many could have been prevented or limited in scope by following established best practices. The attack on the city of Baltimore is a good reminder of this. After the attack, an audit of the city’s Information Technology department found that the agency lost key data due to an outdated method for storing files; many city employees were storing key data on the hard drives in their individual computers instead of centralized, backed-up storage. Centralized storage can be backed up and isolated from the rest of the system. If that had been done with the important information in this instance, the city would have significantly limited the data lost in the incident and reduced downtime following the attack.

Here are a few initial steps to take to help reduce the risk of a ransomware attack:

  1. Update policies and procedures. Let employees know that your organization’s data should not be stored exclusively on their device’s hardware.
  2. Train your employees. Every employee should know how to identify suspicious emails that can lead to an attack.
  3. Make sure that your data is being backed up appropriately and that the integrity of those backups is being checked regularly.
  4. Keep your systems up to date. Software vendors are constantly being made aware of new vulnerabilities and are working to patch them. If you are not keeping your systems up to date, you are leaving them susceptible to these known issues. (Note: patches can come with their own set of issues, so make sure that your patches are vetted by an expert before installing them.)

“Baltimore IT department uses ‘mind-boggling,’ outdated storage method, audit finds.” Web log post. Luke Broadwater. Web. 27 September 2019.