Ransomware readiness: protecting local governments

When we think of disaster readiness, images of fires, storms, or floods usually come to mind. But in today’s digital era, disasters are just as likely to be silent, invisible, and entirely online. Ransomware attacks can cripple essential services, disrupt governance, and erode public trust – and for municipalities, the stakes couldn’t be higher. Doros Hadjizenonos, Regional Director at Fortinet South Africa, warns that “ransomware readiness must be treated with the same urgency as any other disaster recovery and business continuity plan because our urban life depends on digital systems that cannot afford prolonged downtime.”

Why ransomware readiness matters

The consequences of a ransomware attack extend far beyond IT disruption. From payroll systems to water treatment plants, when digital infrastructure is compromised, the civic and financial impact can be catastrophic. In 2023, the Municipal Water Authority of Aliquippa in Pennsylvania suffered an operational technology outage. In Oakland, California, ransomware attacks paralysed financial systems and delayed vendor payments. Globally, similar attacks have temporarily halted emergency services and hospital operations, proving that municipalities depend on interconnected systems vulnerable to disruption and data corruption. As Hadjizenonos explains, “The question is not if an attack will happen but whether we have the cyber resilience and business resilience to recover quickly when it does.”

South Africa’s vulnerability and the opportunity to act

South Africa ranks among the most targeted countries for cybercrime, according to FortiGuard Labs and Interpol. Many local governments operate with a mix of outdated systems and newer technologies, creating exploitable blind spots and increasing the risk of insider threats. The Auditor-General’s 2022–23 report found that 71% of municipalities still lack effective information security controls and data encryption measures. Budget constraints, limited skills, and outdated infrastructure compound the problem.

While some municipalities are taking steps to strengthen digital governance, Hadjizenonos emphasises that “we must shift from reactive cybersecurity to proactive ransomware readiness to ensure uninterrupted public services, even when an attack is inevitable. This includes implementing multi-factor authentication, robust data loss prevention strategies, and comprehensive backup policies as part of a holistic data protection strategy.”

Three core pillars of ransomware readiness

1. Always-on incident response

Think of it as the cyber equivalent of a fire drill – not a static document, but a living, practised plan. Municipalities need incident response teams, clear communication protocols with citizens, and regular simulation exercises. According to Hadjizenonos, “Swift action is critical to minimising public impact and restoring essential services, and that only comes from rehearsing responses long before the real incident happens.” Effective threat detection, automated backups, and regular disaster recovery testing are crucial components of this strategy. Recovery planning should include defining Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to ensure minimal disruption to critical services.

2. Microsegmentation – a digital floodgate

Microsegmentation divides networks into isolated compartments, preventing attackers from moving laterally across systems. If billing systems are breached, for example, operational technology controlling water or traffic systems remains secure. “It’s like sealing off a flood in one part of a city,” says Hadjizenonos, “ensuring it can’t reach other vital areas. This approach, combined with Role-Based Access Controls (RBAC), significantly enhances our defence against cybersecurity threats.”

3. Immutable backups – the digital insurance policy

Immutable backups ensure that unalterable copies of essential data are stored securely offline. Even if ransomware wipes or encrypts primary systems, municipalities can restore operations, safeguard citizen records, and maintain public trust. Hadjizenonos calls this approach a “non-negotiable digital insurance policy that guarantees we can bring systems back online no matter how destructive an attack is.” Implementing immutable storage, air-gapped backups, and chain-free backups is crucial for maintaining backup integrity and ensuring successful backup restoration.

Effective storage management and storage optimisation are key to this strategy. Municipalities should also consider cloud backups for additional redundancy and implement data retention periods that balance long-term retention needs with storage costs.

Cybersecurity as a civic responsibility

Ransomware readiness is no longer just an IT issue – it’s a public safety imperative. Robust digital infrastructure is as essential to citizens’ well-being as roads, water, and electricity. Failure to prepare comes at a high cost: financial losses, service disruption, and long-term damage to public trust. As Hadjizenonos points out, “With the right tools, training, and partnerships, South African municipalities can build resilience that protects both systems and the people who depend on them.” This includes adhering to compliance requirements and regulatory compliance standards.

Public-private partnerships, such as the World Economic Forum’s Cybercrime Atlas, play a crucial role in dismantling criminal networks and strengthening municipal readiness. Municipalities should also consider cyber insurance as part of their financial risk mitigation strategy.

The next wave of ransomware attacks is inevitable. The real test will be whether South Africa’s municipalities can withstand the attack, recover quickly, and keep serving citizens without interruption. By focusing on comprehensive backup and recovery solutions, maintaining operational continuity, and regularly testing their disaster recovery plans, local governments can significantly enhance their ransomware recovery capabilities and overall cyber resilience. Implementing robust access controls, maintaining backup redundancy, and establishing clear data retention policies are all critical steps in building a resilient municipal infrastructure capable of withstanding and recovering from cyber attacks.
