John Gray, CPO at InterVision, discusses the ongoing threat of ransomware for state and local governments, what these officials can do to prepare better themselves, and how to respond if attacked.
Historically, government organizations have faced fewer attacks than their peers in other industries. But state and local governments have become a popular target for ransomware attacks over the last two years — nearly half of all ransomware in 2020 targeted municipalities.
A recent auditOpens a new window of local governments and courts revealed that many municipalities hadn’t deployed necessary cybersecurity defenses like offsite data backups, routine vulnerability testing, and robust user authentication. The report also detailed that problematic but standard cyber practices like password sharing expose essential government operations to malware. Equally concerning, most municipalities haven’t created a cohesive disaster recovery plan. So, governments aren’t equipped to handle the damaging aftermath even when a breach occurs.
This state of affairs is troublesome because municipalities are becoming increasingly popular targets for ransomware. Of all attacks that occurred in 2020, nearly halfOpens a new window (45%) targeted state and local governments. Six in 10 local governments faced a ransomware attack or were breached in 2021, up from one-third the year before. And ransomware that targets municipalities is often more aggressive. Local governments’ data were encrypted more frequently during a breach than data from other industries.
Let’s discuss the modern threat vectors municipalities face, then unpack what an effective cybersecurity strategy is, guided by the protection trifecta: technology, people, and processes.
The State of the Union for Ransomware in the Public Sector
Industries that provide public services are top targets for bad actors. Attacks on the supply chain increased in 2021, and education institutions reported a 20%Opens a new window increase in ransomware the same year. Because these industries interact with the public, often in sensitive ways, their data is more valuable. For example, private government documents like social security information, patent files, and voting records all catch a high secondhand price. Moreover, municipalities handle a large amount of raw data, which means their attack surface is far greater than private entities.Â
Manufacturing, education, and government also play an irreplaceable role in daily life, making a ransom payout more lucrative and likely in these industries. When governmental infrastructure falls, 911 call centers, voting stations, and DMVs may become inoperable. Prolonged outages pose significant societal risks, including possible endangerment of human life. As such, government leaders are often under more pressure to relent and pay the ransom. Ransom demands in the public sector have become so pervasive that some states legally prohibit public entities from communicating with hackers or paying a ransom.
Such laws are promising because they eradicate the possibility of a ransom payment, which harms an organization’s reputation and doesn’t always recapture lost data. However, ransomware isn’t going anywhere fast; therefore, this law isn’t enough to shield local and state governments.
See More: 8 Strategies to Minimize Ransomware’s Impact
Refining Technology, People, and Processes to Protect Against Threats
A chief security officer in a Maryland county once observedOpens a new window , “Google has 2,000 security engineers… I’ve got four.†Understaffing and tight budgets are straightforward explanations for why the public sector’s cybersecurity measures lag behind private enterprises. But the protection trifecta technology, people, and processes can guide government IT leaders through a comprehensive and essential cybersecurity audit.
Technology is a crucial touchpoint for cybersecurity, especially as the Internet of Things (IoT) expands and government devices become progressively more connected. Municipal devices like emergency response systems, police body cams, and traffic sensors interact on the same network. These technologies may aid daily civic operations, but as endpoints increase, so do vulnerabilities. If government IT leaders don’t protect their technologies, ransomware can enter one endpoint or user device, compromising the whole system.
See More: Ransomware and SaaS data: The Threat is Real
Government IT leaders should consider hosting data in the cloud to combat interpolated but insecure networks. Alternatively, a hybrid setup wherein data is hosted both in the cloud and in on-premises data centers may provide coverage for when an attack occurs. Cloud data is more secure because digital infrastructure facilitates more accessible and cost-effective security updates. And virtually hosted data also opens the door for cybersecurity partnerships, through which a trusted vendor can constantly monitor data integrity. When a ransomware attack occurs, a security operations center (SOC) team can respond to the incident in real-time and immediately work on restoring operations.
Fight Ransomware at the Root
Enacting expansive changes to existing IT infrastructure is a big job. Leaders in the public sector should consider hiring a department leader that understands the value of digital transformation, such as a chief information security officer (CISO). CISOs will better grasp the current cybersecurity landscape and often be ready to spearhead critical information campaigns. After all, employees are the root cause of ransomware breaches. Often, the most practical way to combat ransomware is to educate people on the realities of phishing and password insecurity.
Ideally, state and local governments would employ a healthy mixture of technology, people, and process revisions to combat the rise in ransomware. For government leaders overwhelmed by the revitalization process, it’s best to discuss options with a trusted third party. Professionals outside an organization are better inclined to draft a cohesive roadmap to digital security. And when it comes to municipalities, the backbone of society, it’s not worth waiting for the possibility of ransomware. Instead, leaders must prioritize a holistic cybersecurity program as soon as possible.
What actions have you taken to protect your municipality from ransomware attacks? Let us know on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!
Image Source: Shutterstock