The Daviess County Public Library, after months of reconstructing its technology infrastructure, has just 1% of its more than 500,000 piece collection unaccounted for after its ransomware attack in late April.
What has allowed them to recover compared to other organizations who have experienced similar attacks was a mix of a solid recovery plan and ingenuity from staff, said Library Executive Director Erin Waller.
On April 28, the library was hit with a form of ransomware called Cryptoblocker. Its files were encrypted and held for ransom to the tune of six bitcoins, or $30,947, which the library did not pay.
"It didn't have as big an effect on us losing our collection," she said. "However, no matter how prepared you are there really is no way to stop the potential of an attack fully. A major aspect of our success so far was because we all jumped into action and got creative. If and when it happens again we will have these plans in place."
In the short term, library officials are planning on throwing roughly $10,000 at a series of measures that would ensure security as well as backups in the present and provide a solid foundation for the future. One of the most important aspects of these initiatives is strengthening the "human firewall," said IT Manager Brian Lashbrook.
"One of the measures that we will be looking at is KnowBe4," he said. "It is a program that focuses on cybersecurity training for staff. It goes through various types of potential scams, from phishing emails to false social media notifications and fake in-house correspondence. It also looks at interpersonal security like locking your work station and security in the workplace. Essentially it covers every human aspect of cybersecurity. The human firewall in terms of the training is to bolster that firewall and use your staff's knowledge to help prevent attacks."
Redundancy is the next key to strengthening the library's security, he said.
"We are using various paths for our backup systems," he said. "We are using local hard drives connected to our network as well as external drives that are stored offsite. We are also using Amazon Web Services, which is basically a cluster of cloud-based servers that has a vast amount of space for backups. Cloud is ultimately the best way to have a backup that is protected from any kind of physical damage."
The third major aspect of the plan moving forward is vetting various softwares that offer protection from the ever-evolving forms of malware and threats that pop up, he said.
"Currently, we are demoing various preventative softwares like Cylance," he said. "Right now we are using the built-in protections for Windows 10 as well as Symantec Endpoint for virus scans. In reality, there is no software out there that catches everything by itself. We are also having PCM-G Consultant Bill Uptmore and his team test our systems."
PCM-G will scan systems and look at the library's human practices, backups, passwords and procedures as well as programs to see where there are holes in their armor, Lashbrook said.
"It is a comprehensive review," he said. "They will also be hacking us to let us know where they have discovered holes. What is beneficial is that when they are done they will provide us with a list of what we need to do on our end ranked from highest priority to lowest. This way it isn't everything at once but a manageable time table. I think all of the work is paying off. I am now just getting to the point where I can look back and say, 'OK, this is where we need to go next.' I think we are at a spot that we can focus on the future. I feel pretty good, but you are never bulletproof. The best you can do is stay on top of things."
Jacob Mulliken, 270-228-2837, email@example.com