Government Agencies Face Gaps on Ransomware Response
According to the survey, 75 percent of respondents indicated they were confident (60 percent were somewhat confident, and 15 percent very confident) in their ability to defend against common cyberattacks.
However, the report notes, “the massive shift to work from home, a proliferation of endpoints, the move to cloud and increasingly interconnected systems have introduced new vulnerabilities.”
The threat landscape is also changing, the report notes, with ransomware attacks targeting both application and operating system vulnerabilities to “gain access and deploy malware to conduct reconnaissance; steal, destroy or encrypt data; and execute distributed denial of service (DDoS) attacks.”
To guard against increasingly sophisticated attacks, agencies need to use behavioral analysis, shared intelligence, automation and zero-trust access control.
According to the survey, only 48 percent of respondents have an incident response plan for ransomware, 17 percent of which fold it into a larger cybersecurity incident response plan.
Almost all respondents — 92 percent — that do have a plan are confident their organization could survive a ransomware attack, while only 57 percent of those without a plan share that confidence.
“The price for not having an incident response plan is high,” the report notes. “The average cost of a ransomware incident response investigation was $73,851 in 2020, even when backups could be recovered. This number does not include other potential expenses, including ransom paid, downtime and recovery costs, loss of the public’s trust and, in worst-case scenarios, loss of life.”
RELATED: What are the top five questions a cybersecurity assessment should answer?
How Agencies Can Stay on Top of Ransomware Threats
Many government agencies turn to third parties for risk assessment and incident response planning to help with cybersecurity, given staffing gaps and the complexity of the threat landscape.
“Investing in new technology, augmenting staff capabilities and working with third-party experts will be crucial tactics to protect against ransomware attacks,” the report notes.
When asked which areas of cybersecurity require additional investment or upgrades, respondents’ top priorities were providing remote workers with tools to secure home networks (41 percent) and hiring additional IT/security staff (37 percent).
Other key priorities include engaging a managed security services provider (27 percent); procuring products to better monitor and secure the public cloud (27 percent); and increasing use of automation, artificial intelligence and machine learning (26 percent).
Managed security service providers, the report notes, “can invest more heavily in innovation, in-depth threat intelligence, state-of-the-art technologies, and the most skilled and experienced cybersecurity professionals.”
Additionally, artificial intelligence, machine learning and automation “are other practical ways to augment staff capabilities and strengthen prevention, detection and remediation of ransomware attacks.”
EXPLORE: Learn how zero trust will evolve in 2022 for state and local agencies.