Protecting 2020 election infrastructure from ransomware
- By Sam Roguine
- Jan 27, 2020
Ransomware attacks are happening at an alarming rate, with over 500 new threats every minute. Local and federal governments are frequent targets of these heinous crimes, with several cities falling victim to attacks in 2019 alone. Baltimore, for instance, paid $18.2 million to restore its systems and operations, and it took months to get back to normal. Soon after the attack, city officials announced a plan to invest in business continuity and disaster recovery. It was too little, too late.
With the rise of targeted attacks, and increased attention on protecting the 2020 elections from interference, municipalities must now put the wheels in motion to ensure they’re prepared to face these modern-day cyber threats.
Government IT teams can start by taking stock of their IT environments. Most are a chaotic mess of legacy, on-premises and cloud environments, consisting of data, systems and applications that must be protected from external attacks, including ransomware.
Once a full hardware and software inventory has been made, IT pros should rank data and workloads in order of their importance to maintaining fluid operations. The data and systems identified as mission-critical should be documented as such and prioritized as “most secured” and “recover first” in business continuity plans.
Ensure business continuity and disaster recovery plans are ransomware-proof with testing
Once the processes, procedures and responsibilities are cataloged and communicated to the entire team – everyone from IT security to backup administrators to the executive level – it’s important to continuously test the plan. IT teams should use metrics like recovery point and recovery time objectives to help ensure that data and applications are not only restored within seconds and minutes, but also that the most current version is available. It will do agencies no good if they lose two weeks’ worth of data because they’re restoring outdated files, even if they restore that data in record time.
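A restore drill can be scored against both objectives at once, which surfaces the case described above where a fast restore still brings back stale data. The following is an added example, not from the article or any vendor tool; the tier objectives, system names and drill records are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed per-tier objectives (assumed values, not from the article).
OBJECTIVES = {
    "mission-critical": {"rpo": timedelta(minutes=1), "rto": timedelta(minutes=15)},
    "standard": {"rpo": timedelta(hours=24), "rto": timedelta(hours=8)},
}

# Constructed drill records: simulated outage time, timestamp of the newest data
# in the restored copy, and the time the service was usable again.
DRILLS = [
    {"system": "voter-registration-db", "tier": "mission-critical",
     "outage": "2020-01-20T09:00:00", "restored_data_as_of": "2020-01-20T08:59:40",
     "service_back": "2020-01-20T09:06:00"},
    {"system": "results-reporting", "tier": "mission-critical",
     "outage": "2020-01-20T09:00:00", "restored_data_as_of": "2020-01-06T09:00:00",
     "service_back": "2020-01-20T09:04:00"},
    {"system": "parks-permits", "tier": "standard",
     "outage": "2020-01-20T09:00:00", "restored_data_as_of": "2020-01-19T23:00:00",
     "service_back": "2020-01-20T19:30:00"},
]

def evaluate_drill(drill, objectives=OBJECTIVES):
    """Return achieved data loss and downtime for one drill, and whether each objective was met."""
    target = objectives[drill["tier"]]
    outage = datetime.fromisoformat(drill["outage"])
    data_loss = outage - datetime.fromisoformat(drill["restored_data_as_of"])
    downtime = datetime.fromisoformat(drill["service_back"]) - outage
    if data_loss < timedelta(0) or downtime < timedelta(0):
        raise ValueError(f"{drill['system']}: timestamps out of order")
    return {"system": drill["system"], "tier": drill["tier"],
            "data_loss": data_loss, "downtime": downtime,
            "rpo_met": data_loss <= target["rpo"], "rto_met": downtime <= target["rto"]}

def failed_drills(drills, objectives=OBJECTIVES):
    """Evaluate all drills; return failures, mission-critical first, worst data loss first."""
    results = [evaluate_drill(d, objectives) for d in drills]
    failures = [r for r in results if not (r["rpo_met"] and r["rto_met"])]
    return sorted(failures, key=lambda r: (r["tier"] != "mission-critical", -r["data_loss"]))

if __name__ == "__main__":
    for r in failed_drills(DRILLS):
        print(f"{r['system']:<24} loss={r['data_loss']} down={r['downtime']} "
              f"RPO {'ok' if r['rpo_met'] else 'MISSED'} / RTO {'ok' if r['rto_met'] else 'MISSED'}")
```

In the constructed data, results-reporting is back in four minutes but restores a two-week-old copy, so it meets its recovery time objective and still fails the drill.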
When these plans are implemented correctly, they can be a real lifesaver. A recent ransomware attack on New Orleans was able to cripple some systems, but the city had a well-designed business continuity plan. As a result, emergency services were still able to function without disruption as the ransomware remediation process was underway.
Backing up data might be a good solution for most government services, but when it comes to preventing data loss during an ongoing election, agencies may need to look into continuously replicating data and systems.
Imagine if the 2020 election systems were hacked, resulting in an hour’s worth of data – and thousands of votes – being lost. Continuously replicating data takes a journal-based approach to copying data at the byte level in real time and can help ensure the most current version is always instantaneously available.
Keeping backups safe
Whether data is backed up or continuously replicated, it’s important to ensure these “safety files” can’t be accessed by cybercriminals. Hackers today know they won’t be able to solicit ransom payments if agencies have reliable backups, so now attackers are targeting backups in addition to primary data, leaving agencies with no choice but to pay up. Putting these systems on a separate domain, implementing strong access credentials and always using encryption are some basic steps agencies can take to keep these systems safe. Additionally, a cybersecurity solution that’s tuned to identify good, known encryption versus bad, unknown encryption will catch these instances earlier in the attack kill chain.
If 2019 is any indicator of the relentless cyberattacks on government, we know cybercriminals will keep finding new ways to steal data and disrupt operations. To avoid becoming an election interference headline, governments must clamp down on their business continuity and disaster recovery strategies to keep voter data safe from ransomware threats. Elections – and government services in general – will be prime targets for these criminals, but they can be thwarted through a pragmatic and carefully architected resiliency plan.
Sam Roguine is director, solution marketing and enablement, at Arcserve.