Apr 05 2022

State and Local Agencies Lag on Ransomware Response Planning, Report Says

Governments must step up investment in cybersecurity tools and incident response efforts, according to a Palo Alto Networks-sponsored report.

Although the threat of ransomware attacks for state and local governments remains extremely elevated, a recent national survey shows that fewer than half of state and local governments have a ransomware incident response plan.

Sponsored by Palo Alto Networks, the Center for Digital Government recently surveyed 200 state and local government leaders on the topic of ransomware.

When asked whether they agreed or disagreed with the statement that the ransomware threat will subside significantly over the next 12 to 18 months, 79 percent of respondents disagreed (57 percent strongly disagreed). While most respondents expressed confidence in their organizations’ ability to prevent the compromise of their systems via common attack vectors, the majority of organizations lack a ransomware incident response plan.

While the federal government is preparing to release cybersecurity grants to state and local governments to help improve their security posture, the survey and its accompanying report indicate that agencies have more work to do.

“To win grant awards and other federal funding, organizations need to start planning now,” the report notes. “They need to accurately assess their cybersecurity posture, identify gaps, prioritize needs and design a solution roadmap. To create a strong business case, they must include both IT/cybersecurity and business stakeholders. In addition, they must ensure they can sustain the investments they make once funding runs out.”

Click the banner below to get access to a customized cybersecurity content experience.

Government Agencies Face Gaps on Ransomware Response

According to the survey, 75 percent of respondents indicated they were confident (60 percent were somewhat confident, and 15 percent very confident) in their ability to defend against common cyberattacks.

However, the report notes, “the massive shift to work from home, a proliferation of endpoints, the move to cloud and increasingly interconnected systems have introduced new vulnerabilities.”

The threat landscape is also changing, the report notes, with ransomware attacks targeting both application and operating system vulnerabilities to “gain access and deploy malware to conduct reconnaissance; steal, destroy or encrypt data; and execute distributed denial of service (DDoS) attacks.”

To guard against increasingly sophisticated attacks, agencies need to use behavioral analysis, shared intelligence, automation and zero-trust access control.

According to the survey, only 48 percent of respondents have an incident response plan for ransomware, 17 percent of which fold it into a larger cybersecurity incident response plan.

Almost all respondents — 92 percent — that do have a plan are confident their organization could survive a ransomware attack, while only 57 percent of those without a plan share that confidence.

“The price for not having an incident response plan is high,” the report notes. “The average cost of a ransomware incident response investigation was $73,851 in 2020, even when backups could be recovered. This number does not include other potential expenses, including ransom paid, downtime and recovery costs, loss of the public’s trust and, in worst-case scenarios, loss of life.”

RELATED: What are the top five questions a cybersecurity assessment should answer?

How Agencies Can Stay on Top of Ransomware Threats

Many government agencies turn to third parties for risk assessment and incident response planning to help with cybersecurity, given staffing gaps and the complexity of the threat landscape.

“Investing in new technology, augmenting staff capabilities and working with third-party experts will be crucial tactics to protect against ransomware attacks,” the report notes.

When asked which areas of cybersecurity require additional investment or upgrades, respondents’ top priorities were providing remote workers with tools to secure home networks (41 percent) and hiring additional IT/security staff (37 percent).

Other key priorities include engaging a managed security services provider (27 percent); procuring products to better monitor and secure the public cloud (27 percent); and increasing use of automation, artificial intelligence and machine learning (26 percent).

Managed security service providers, the report notes, “can invest more heavily in innovation, in-depth threat intelligence, state-of-the-art technologies, and the most skilled and experienced cybersecurity professionals.”

Additionally, artificial intelligence, machine learning and automation “are other practical ways to augment staff capabilities and strengthen prevention, detection and remediation of ransomware attacks.”

EXPLORE: Learn how zero trust will evolve in 2022 for state and local agencies.

gorodenkoff/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.