Decentralizing Data Using Cloud Networks Limits Cyber Attack Harm

The City of Germantown, Tennessee recently reported that the city government had experienced "a malicious cybersecurity incident." The FBI is assisting with the criminal investigation.

The city received reports of the disruption at around 6:00 a.m. on the morning of the attack, and many systems throughout the city were taken offline as a security measure.

The attack was contained. The servers were isolated and all network computers were shut down. The attack potentially affected a limited number of internal, on-site servers. The city says IT staff and incident response specialists were working to restore system functionality and further limit the impact of the incident.

911 services were fully operational, the city said. However, other phone lines to city offices were affected.

Data related to finance, utilities, and payment information have not been compromised. The city says those systems are intentionally cloud-based to limit the scope of potential cybersecurity attacks.

Source: David Royer, Shay Simon, "FBI investigating Germantown cyber attack," wreg.com (Feb. 02, 2023)

Commentary

This serves as an example of how planning can minimize the impact of a successful cyberattack.

According to the city, the potential damage was limited to certain on-site servers and did not affect the cloud-based data hosting locations. The city's choice to keep a portion of its network localized on-site while compartmentalizing crucial and sensitive data on cloud-based servers was a good decision.

Although this kind of approach may not be a good fit for every organization in every case, it illustrates the importance of spreading network assets over a larger target area to minimize the impact of a successful malware penetration on one particular server or network node. Strong firewalls and compartmentalization between those assets are key to minimizing the disruption to your organization in the event of a successful malware attack.

One as-yet unreported aspect of this attack is how the on-site servers were infected in the first place. It is probable the malware entered the city's network through one of two attack vectors. Most likely, the method of entry was a user clicking an embedded link in an email or text message, or downloading a corrupted file. This is by far the most common way for malware to enter a system.

Constantly train employees on social engineering and other ever-changing cyberattack methods.

Another, slightly less common, attack vector is outdated or unpatched software, which is often exploited by cybercriminals when found on a system. Keep all programs up to date and patched.
