In 2021, cybercriminals launched a ransomware attack on the Bristol, Virginia Police Department, taking control of the department’s computers and gaining access to classified data that was later sold on the dark web. This attack is emblematic of the cyberattacks that state and local agencies have faced in recent years.
The severity of the growing ransomware threat is highlighted in “The State of Ransomware in Government 2021”, a report endorsed by security firm Sophos, which called it a “national emergency”.
How prevalent is ransomware in government?
In January and February 2021, researchers surveyed 248 government IT officials from around the world to provide IT managers with context on how emerging cyber threats are uniquely impacting national and local government agencies. Between state and local government, the report notes, “central government is a more frequent target than local government.”
Overall, 40% of central government agencies have suffered a ransomware attack in the past year. Of central government respondents who were not affected, 48% said they expected a future attack. The numbers were lower for local governments, but they remain at risk: 34% were hit, and 43% were not hit but expect to be attacked.
As ransomware attacks against state and local governments increase, threat actors have become much more successful at encrypting data in these attacks.
Local governments “have been much less successful in stopping attacks” compared to other sectors, according to the report. Nearly 70% of local government respondents who were attacked said their data was encrypted. This is 15 percentage points higher than the global average of 54%.
Cybersecurity Challenges Facing Local and State Governments
Local governments may face higher encryption rates during ransomware attacks due to a lack of financial and cybersecurity resources. Limited budgets and small teams are causing organizations to divert funds away from cybersecurity, leaving gaps in their platform protection. Conversely, central governments have a lower encryption rate because they have more funding, trained IT staff, and access to security operations centers.
An additional challenge that local governments face is the rate at which they pay ransoms to recover data. The researchers found that 42% of local governments had paid ransoms to recover their data, just behind energy, oil and gas utilities at 43%. In comparison, only 26% of central governments and non-departmental public bodies paid ransoms.
How can states and local governments mitigate the risks?
Given the increased risk of ransomware that state and local governments face, the report outlines several best practices to mitigate risk:
- Assume you will be affected: No sector is immune to these attacks.
- Make backups: Paying a ransom does not guarantee data recovery. Make three copies of data, use two different backup systems, and store at least one copy offline and offsite when possible.
- Deploy layered protection: Block malicious actors by securing multiple points in your environment.
- Combine human experts and anti-ransomware technology: Dedicated anti-ransomware technology provides scalability and automation, and human-led threat hunting brings wisdom and experience in detecting threat patterns. It’s a powerful combination.
- Do not pay the ransom: Paying a ransom creates a vulnerability and does not guarantee that files will be recovered.
- Have a malware recovery plan: A proactive approach to cybersecurity, including an incident response plan, is the best way to prevent a cyberattack from becoming a full-scale breach.
Ransomware attacks may be unavoidable, but a strong security posture can go a long way in helping organizations recover when an attack occurs.