The St. Paul Cyberattack and Its Broader Implications
I’ve been reading about the cyberattack that recently shut down city systems in St. Paul, Minnesota. Officials declared a state of emergency and called in the National Guard’s cyber protection team. It was a rare step, taken only when local capacity was overwhelmed and external support became essential.
This kind of activation doesn’t happen often. Since 2018, National Guard cyber units have been deployed just over 40 times, and nearly half of those instances involved election security. That leaves less than two dozen known examples where public-sector networks were hit hard enough that the Guard was asked to step in.
Most organizations don’t have that option.
Why Most Organizations Cannot Rely on Outside Help
City governments and school districts can sometimes tap into emergency state or federal support. Private-sector companies cannot. When a financial institution, a hosting provider, or a regional ISP faces a cyberattack, there’s no Guard deployment. There’s no emergency declaration. There’s no outside cavalry riding to the rescue.
This is a difficult truth, but an important one: we are, by and large, on our own.
I don’t say that to provoke fear. I say it because clarity is a form of strength. Knowing what resources you do and don’t have is the first step in building the right plan.
The attack on St. Paul reminds us that cyber threats aren’t just technical problems. They have real world effects. Services stop. Staff go idle. Citizens can’t pay bills or report damage. Public libraries revert to pen and paper. Disruption doesn’t stay in the IT department—it spreads.
In St. Paul’s case, officials made the hard but necessary decision to shut down city systems to prevent further damage. They brought in outside help, activated their emergency operations center, and kept critical functions like 911 online. That kind of response is commendable. It’s also a reminder that responding well to a cyberattack isn’t just about what you have—it’s about what you’ve prepared for.
The vast majority of organizations will never face an incident that draws in state or federal cyber teams. That doesn’t mean they won’t face an incident. It means the burden of response will fall squarely on their own teams, or the partners they’ve brought in ahead of time.
That’s where readiness becomes the differentiator.
Service Availability and Security Go Hand in Hand
Readiness means having the right protections in place before something goes wrong. It means detecting and neutralizing suspicious activity quickly and contain it before it spreads. It means having plans that aren’t stored in a file but practiced in a room, with the people who will actually need to carry them out.
It also means investing in service availability—not just security. Protecting your infrastructure is important. So is keeping it running. Too often, these are treated as separate goals. They’re not. Your customers don’t care whether an outage is caused by a cyberattack, a misconfiguration, or a power failure. They care that your service works. They care that your team is reachable, your systems are responsive, and your brand is stable.
This is where we focus our energy at Corero. We help organizations ensure their critical services stay online, even under pressure. We give them visibility, control, and the support of a team that knows how to act fast.
We don’t aim to be the cavalry. We aim to make sure you don’t need one.
I’ve spoken often about the importance of self-reliance in cybersecurity. That position doesn’t change because a city called in the National Guard. If anything, it reinforces the point. A team of skilled responders arrived in St. Paul because the city had access to that level of support and made the call to bring them in. Most organizations won’t have that option. They’ll have to act quickly, often without external guidance, and with real consequences if they hesitate.
The Value of Proactive Cybersecurity Partnerships
The good news is that organizations don’t have to go it alone. They can choose partners who are in the fight with them—not after a breach, but from the beginning. That choice can’t be made in the middle of an incident. It has to happen beforehand, with clarity and commitment.
We can’t predict every attack. But we can prevent many of them from becoming crises. We can reduce the impact. We can make recovery faster. We can maintain trust, preserve continuity, and protect what matters.
No one likes to imagine worst-case scenarios. But the cities and companies that do—the ones that prepare, practice, and invest in resilience—are the ones who emerge stronger when it counts.
The National Guard won’t be coming for your business. That’s not a threat. It’s an opportunity. Because if the help you need is already inside your own operation, you’re not waiting on backup.
You’re already moving forward.
