Over the last few years, we’ve all witnessed the rise of ransomware and the impact that it has had on educational institutions, healthcare organizations, financial services organizations, and government agencies. From the data loss to the impact on the bottom line if the ransom is paid, a ransomware attack has long-term consequences for the victimized organization. But the Delaware Department of Correction has turned the tables on ransomware and built a resilient data management infrastructure that can mitigate the impact of an attack across the board.
“Ransomware attacks are both inevitable and preventable,” shared Phil Winder, Chief Information Officer of the Delaware Department of Correction. “While no one will ever want their organization to go through one, there are steps that you can take to be prepared to avoid data loss and paying the ransom.”
Despite few headlines about attacks on corrections departments, Winder explained that they are, in fact, prime targets. “If you think about it a corrections department is much like a city within a city,” he noted. “There’s lots of valuable information including publicly identifiable information (PII), personal healthcare information (PHI) and other medical records, and rehabilitation and release information, to name just a few.” In other words, if a ransomware attack was launched on a corrections department, the incentive to pay the ransom to restore data and resume normal operations is high.
But Winder has developed a set of best practices that has proven highly effective against ransomware attacks. “The foundation of our counterattack on ransomware is education,” shared Winder. “Phishing emails with links and attachments are the single biggest entry point for a ransomware attack. It’s essential that every employee is part of an on-going education program that continually reinforces the fundamentals of phishing. We’ve been able to implement these strategies across the agency thanks to our partnership with the Delaware Department of Technology and Information.”
What came next for the Delaware Department of Correction team was building a way to maneuver around the ransomware itself. “Good backup data is the key to survival,” said Winder. “Being able to access data that was recently backed up and restore it quickly defeats the purpose of the ransomware attack.” To build a ransomware-proof data environment, Winder and his team partnered with Commvault in order to ensure that they had the right resources to plan, strategize, and build the backup and recovery capabilities.
“As a former federal agency CIO and in my recent capacity as the state CIO for Michigan, I know the challenges that my peers have in facing these challenges and finding the resources to mitigate these costly attacks,” shared David DeVries, who leads Strategic Initiatives for State, Local Government and Higher Education Industries for Commvault. “We’ve worked together not only to build a resilient data backup infrastructure, but we’ve built a capability that is flexible enough to grow and is able to support Winder and his team as they drive their digital transformation process.”
While ransomware will continue to be a burden for all public sector agencies to bear as the Delaware Department of Correction has shown it is possible to mitigate its impact. Through smart investments in education, infrastructure, and partnerships Phil Winder and his team have not only eased the burden of ransomware attacks but have proved it is possible to tackle it head on and defeat it.