On May 7, 2019, Baltimore City officials woke up to a harsh reality check: a ransomware cyber-attack. Anonymous hackers had breached the city's servers, effectively locked away Baltimore's digital content, and were now demanding $113,000 per day to relinquish the data.
The city's operations ground to a halt. Government emails were down, online payments for public utilities had frozen, and real estate transactions were out of bounds. It would take weeks, or even months, to restore the city's data.
Before normalcy is restored, the city is staring down the possibility of enormous damage. But the glaring reality is that the city could have avoided this damage had it taken measures against such a possible eventuality.
Here is what Baltimore officials could have done to protect against, prevent, or recover quickly from this cyber attack.
How to prevent cyber attacks
- Security awareness training
Hackers often target the weakest link in the chain of your security systems. They raid the network with disguised links and email attachments, hoping that an unwitting employee will click on them and let the ransomware into the system. Train all employees to avoid opening strange links and unsolicited email attachments.
- Regular updates and patches
Preventing ransomware from infecting your systems may require proper endpoint security. Attackers look around for vulnerabilities in the system to help them gain entry into your data. Update all the devices connected to the system and apply the latest security patches to safeguard them.
- Continuous vulnerability assessment
It appears Baltimore city was a sitting duck for potential hackers. Their data security systems had not been updated with the security measures to seal any vulnerabilities. It was then possible for attackers to raid the data and seal it off for ransom.
- Up to date asset inventory
It is likely that Baltimore officials did not have an up-to-date asset inventory, creating a loophole for cybercriminals. It is always important to check which devices are legitimately connected to your clouds so you can recognize strange or unmanaged connections and weed them out.
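The inventory check described above can be automated by reconciling what is seen on the network against the asset register. The following is an added example, not part of the original article: the CSV columns, the observation line format (IP, MAC, hostname) and all sample values are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample data; column names and line format are assumptions.
INVENTORY_CSV = """asset_tag,mac,owner
BC-0001,00:1A:2B:3C:4D:5E,finance
BC-0002,00-1a-2b-3c-4d-5f,public-works
BC-0003,001a.2b3c.4d60,it-ops
"""

OBSERVED = """\
10.0.0.11 00:1a:2b:3c:4d:5e fin-ws-01
10.0.0.12 001A.2B3C.4D5F pw-ws-07
10.0.0.99 de:ad:be:ef:00:01 unknown-host
10.0.0.50 not-a-mac printer
"""

def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if it is malformed."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def load_inventory(text):
    """Map normalized MAC -> asset tag from the inventory CSV."""
    inv = {}
    for row in csv.DictReader(io.StringIO(text)):
        mac = normalize_mac(row["mac"])
        if mac:
            inv[mac] = row["asset_tag"]
    return inv

def reconcile(inventory_text, observed_text):
    """Return (unmanaged devices, inventoried assets not seen, unparsed lines)."""
    inv = load_inventory(inventory_text)
    seen, unmanaged, unparsed = set(), [], []
    for line in observed_text.splitlines():
        parts = line.split()
        mac = normalize_mac(parts[1]) if len(parts) >= 3 else None
        if mac is None:
            unparsed.append(line)  # keep for manual review, never drop silently
        elif mac in inv:
            seen.add(mac)
        else:
            unmanaged.append((parts[0], mac, parts[2]))
    not_seen = sorted(tag for mac, tag in inv.items() if mac not in seen)
    return unmanaged, not_seen, unparsed
```

Devices in the first list are connected but unknown to the inventory; assets in the second list are registered but were not observed, which can mean a stale record or a device that has gone missing.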
- Real-time traffic monitoring
Recovery from cyber-attacks
Are the data systems insured?
Even with the strongest protection measures in place, there may be times when your security systems fall short. This possibility brings to the fore the importance of disaster preparedness. The first step in the right direction is to insure all your data systems. It appears Baltimore had not gone this route, hence the huge financial loss glaring at them. Insurance would help set up and reconfigure the compromised hardware and software, and get things up and running within a short time.
Reliable backup and recovery
It would also have been crucial for the city of Baltimore to maintain regular and secure data backups that would have helped in quick recovery. At the moment, city officials are laboring at manual workarounds, which are likely to take a long time and have costly repercussions. These backups should be independent of the operational data systems to prevent them from being compromised as well.
The threats of ransomware attacks continue to grow, with attackers targeting public and government institutions. Some of these institutions have paid out ransom before to regain their data, making it quite lucrative to the hackers. It is important for all organizations to take measures such as training their employees, applying regular updates and patches and setting up reliable and secure backups.