Procurement's Guide to Protection Against Ransomware

Imagine suffering a data breach at your agency so major that you are forced to notify hundreds of thousands of people that their names, Social Security numbers, individual taxpayer identification numbers, birth dates, etc. were stolen. The Centers for Medicare & Medicaid Services (CMS) — a U.S. federal agency within the U.S. Department of Health and Human Services (HHS) — fell victim to this situation just this year. Ransomware attacks continue to rise among government agencies and educational institutions, becoming one of the largest online threats today.

The average loss amount stemming from ransomware attacks in the first half of 2023 exceeded $365,000. Also in 2023, ransomware attacks affected 66% of organizations and were involved in 24% of all data breaches. Cybersecurity is a top priority for government agencies as IT experts report that central and federal government agencies, as well as local and state government agencies, are among the top ransomware targets. This year investigators expect the ransomware industry to consolidate into larger, more sophisticated groups automating more of their attacks.

Agencies are faced with costly disruptions along with the loss of sensitive data, and procurement teams are working to align with the IT and security management colleagues for a proactive approach. Procurement leaders are looking to their cooperative purchasing organization to pinpoint strong solutions to protect against an increasing number of cyber extortion attacks.

Procurement leaders — read on to see how you can better prepare your agency or school against ransomware attacks by leveraging industry-leading IT solutions through your cooperative purchasing organization.

How Can Your Agency or School Be Impacted? 

Ransomware attacks can be devastating for government agencies and schools as they’re left without the data needed to operate and deliver mission-critical services. Even if you do pay the ransom — which the Cybersecurity and Infrastructure Security Agency (CISA) has seen as high as $1 million — there’s no guarantee all your files will be recovered. The process of recovering files and data itself is difficult.

Notable Ransomware Attacks

Remember when the Colonial Pipeline was hit by a ransomware attack in May 2021 and shut down fuel delivery between the gulf coast and the east coast? It took almost a week to restore service, and the cyber criminals also released the personal information of company employees. As the biggest fuel provider in the nation, people across several states started panic-buying, which lead to long lines and drivers having a difficult time finding fuel to fill up their vehicles.

Hackers targeted the Washington DC Police Department in 2021 when they hacked their server, posting a ransom note claiming they’d stolen more than 250 GB of data that threatened to publish the material if they weren’t paid. It turned out that the payment offer wasn’t enough to prevent the ransomware group from publishing the data and personnel files.

Opportunity for Education & Awareness

The examples above are just two of over 2,000 ransomware attacks on schools, local governments and healthcare organizations that occurred in 2021. At of the end of 2023, this number rose to nearly 5,200. Seeing the aftermath and response presents an opportunity to learn from and spread awareness within your organization. To align better with your IT and security management stakeholders, procurement teams can equip their teams with a wide range of strong IT solutions through national industry-leading suppliers. Let’s take a look at how to get started.

Deploy a Comprehensive Strategy

As ransomware attacks become more sophisticated and deliver devastating impacts to organizations, we spoke to IT industry expert John A. Stewart, who serves as Vice President, IT Sales and Strategy at Ricoh USA, Inc.

Stewart provided insight into how having a comprehensive security strategy is critical.

OMNIA Partners supplier Ricoh offers RansomCare, a vital element to an overall in-depth defense security strategy and acts as a last line of defense to stop an attack in near real-time. It safeguards against financial loss and reduces recovery time.

You can schedule a free assessment with Ricoh to better understand the cybersecurity resources available to your organization.

Best Practices in Ransomware Prevention

Ransomware is a low-cost, high-profit model and cyber criminals love this tactic. To better prepare your agency or school system, CISA recommends the following precautions to protect users from ransomware threats:

• Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
• Never click on links or open attachments in unsolicited emails.
• Back up data on a regular basis. Keep it on a separate device and store it offline.

OMNIA Partners supplier Insight Public Sector’s future-ready cybersecurity services help you navigate and manage complicated IT environment working with you to develop, implement and optimize your strategy. Here are key ransomware preventative measures you can start using right away:

• Regular system updates
• Advanced email phishing protection
• Strong Identity and Access Management (IAM) security
• Restricted permissions and limited network access
• Automated, secure data backup tools

As you address your current cybersecurity strategy, supplier partner SHI can help you with endpoint and network security, help you design a successful security strategy, and seamlessly adopt security solutions that fit your current and future needs.

These are just a few of the IT security solutions procurement teams can access through the OMNIA Partners cooperative contract portfolio.

How a Cooperative Can Help

Robust cybersecurity technology in schools and government agencies has never been more critical. By leveraging IT cooperative contracts, you get top of the line solutions faster, more efficiently and at the best value.

The IT space is just one of many categories that procurement teams are managing in their diverse spend cube. Consulting with a cooperative purchasing organization can help you stay organized and ahead of these ever-changing industries while saving time, money and resources. It’s a great time to get familiar with the benefits of partnering with a cooperative.