Mar 01 2022
Security

What Is the State of Ransomware Threats for State and Local Agencies?

A 2021 report finds that government agencies are facing a ransomware “national emergency.”
Mol Doak
by

Mol Doak is a contributor to StateTech. In addition to a passion for writing, Mol enjoys traveling, spending time with friends and family, and exploring new activities, cultures, and cuisines.

In 2021, cybercriminals launched a ransomware attack on the police department in Bristol, Va., gaining control of the department’s computers, which allowed them to access classified data that was later sold on the dark web. That attack is emblematic of the cyberattacks state and local agencies have faced over the past few years.

The severity of the rising threat of ransomware is underscored in “The State of Ransomware in Government 2021,” a report underwritten by security firm Sophos, which labeled it a “national emergency.”

RELATED: Explore the role of security operations centers in state government.

How Pervasive Is Ransomware in Government?

In January and February of 2021, researchers surveyed 248 government IT managers around the globe to provide context for IT leaders on how emerging cyberthreats are uniquely impacting state and local government agencies. Between state and local government, the report notes, “central government is a more frequent target than the local government.”

Overall, 40 percent of central government agencies experienced a ransomware attack within the previous year. Of the central government respondents that were not hit, 48 percent said they expected a future attack. While the numbers were lower for local governments, 34 percent were hit and 43 percent were missed but expected to be attacked, and they remain at risk.

As ransomware attacks increase in state and local government, threat actors have been much more successful at encrypting data from these attacks.

Local governments “were far less successful at stopping the attacks” compared with other sectors, according to the report. Nearly 70 percent of local government respondents who were attacked said their data was encrypted. That’s a full 15 percentage points higher than the global average of 54 percent.

Click the banner below to get access to a customized cybersecurity content experience.

StateTech Insider - security StateTech Insider - security

Cybersecurity Challenges Facing Local and State Governments

Local governments may face higher rates of encryption during ransomware attacks due to a lack of financial and cybersecurity resources. Constrained budgets and small teams pressure organizations to divert funds away from cybersecurity, leaving gaps in their platform protection. Conversely, central governments have a lower encryption rate, as they have more funding, trained IT staff and access to security operations centers.

An additional challenge facing local government is the rate at which it pays to recover data. Researchers found that 42 percent of local governments had paid ransoms to get their data back, right behind energy and oil and gas utilities at 43 percent. By comparison, only 26 percent of central governments and nondepartmental public bodies paid ransoms.

How Can State and Local Governments Mitigate Risk?

Given the increased ransomware risk state and local governments are facing, the report outlined several best practices to mitigate risk:

  • Assume you will be hit: No sector is immune from these attacks.
  • Make backups: Paying a ransom does not ensure data recovery. Make three copies of data, use two different backup systems and store at least one copy offline and offsite when possible.
  • Deploy layered protection: Block threat actors by securing multiple points across your environment.
  • Combine human experts and anti-ransomware technology: Dedicated anti-ransomware technology provides scalability and automation, and human-led threat hunting brings wisdom and experience detecting threat patterns. It’s a powerful combination.
  • Don’t pay the ransom: Paying a ransom creates vulnerability and doesn’t ensure files will be retrieved.
  • Have a malware recovery plan: A proactive cybersecurity approach, including an incident response plan, is the best way to stop a cyberattack from turning into a full-scale breach.

Ransomware attacks may be unavoidable, but a strong security posture can greatly help organizations recover when an attack occurs.

EXPLORE: Learn how zero trust will evolve in 2022 for state and local agencies.

gorodenkoff/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now