Ransomware: The greatest threat to state and local governments today
Historically, government organizations have faced fewer attacks than their peers in other industries, particularly education and healthcare. But state and local governments have become a popular target for bad actors over the last two years -- nearly half of all ransomware in 2020 targeted municipalities. And in 2021, almost 60 percent of state and local governments faced a ransomware attack, up from just one-third of government organizations the year before.
The trend toward more frequent government ransomware attacks is concerning for several reasons. First and foremost, governments provide constituents with critical, everyday infrastructure, which makes ransomware-related outages costly and damaging. This incentivizes government IT leaders to address ransomware breaches quickly by paying the ransom. Second, and equally important, many state and local governments continue to use legacy hardware for their IT infrastructure. Without cloud-based protections and modernized cybersecurity protocols, many state and local governments face an uphill battle when it comes to addressing ransomware.
Government IT leaders must become familiar with their organization’s cyber threat landscape. Equipped with this information, they can address threats expediently and, in many cases, prevent them from breaching containment in the first place.
Ransomware poses a significant danger to the public sector
Small government organizations are enticing targets for threat actors because they house valuable consumer data, including voter records, social security numbers and tax information. This private data fetches a high price on the secondhand market. Moreover, municipalities host a range of critical public-facing functions, from voter registration to public safety. The proper maintenance of these duties is so crucial that many municipalities and IT leaders view a speedy resolution via ransom payment as preferable to extended community service outages.
Ransomware actors are aware of governmental organizations’ critical place in society and are actively taking advantage. Between 2013 and 2020, cybercriminals demanded an average ransom of $835,758 from state and local governments. But IT leaders must remember that ransom payments are never the correct answer, even if payment looks like the speediest way to restore public services. For one, most cyber-attacks result in data encryption, meaning restored functionalities may be corrupted or unusable. Governments, in particular, often face data encryption after an attack. And, perhaps more importantly, when an organization coughs up the ransom, it signals to other threat actors that it is a good mark.
The continued expansion of the internet of things (IoT) also presents a complication for state and local governments. Cities and towns are becoming further interconnected by a web of new devices, including police body cams, traffic sensors and emergency response systems. These technologies interact with one another and provide first responders and government officials with critical information. However, as governments tap into extended user devices and endpoints, they create new vulnerabilities for ransomware agents to exploit. IT leaders must update their organizations’ cybersecurity infrastructure to rival -- and even exceed -- more modern technologies in their stack.
Defending government systems with the protection trifecta
A robust cybersecurity posture is thorough in its approach to three important threat vectors: technology, people and processes. Let’s discuss how local and state governments can strengthen these functions.
Government IT leaders should consider digitally transforming their cybersecurity technologies to account for modern threats. Doing so may involve shifting from a physical, on-prem data center to a cloud-based data storage system. Or, in some cases -- depending on the confidentiality and regulations associated with the data -- a hybrid approach to cloud-based and on-prem data may be a more appropriate solution. Cloud and hybrid data centers are more secure because their firmware allows frequent security updates. Plus, a security operations center (SOC) can protect cloud data 24/7. Trusted cybersecurity partners monitor malicious activity and enact complex encryption systems that protect an organization from corrupted data. Their assistance is precious in the public sector, which struggles with a prolonged and acute talent shortage.
Regardless of an organization’s data storage method, IT leaders should prioritize the creation of immutable backups. It’s best to observe the 1-2-3 backup rule: Create two copies of essential data, and store all three files on different servers. Then, keep at least one of these backup files offsite for the greatest peace of mind. When ransomware breaches an organization’s systems, immutable backups ensure that vital data remains accessible and intact.
Technology can only be as powerful as the team supporting and deploying it. State and local governments should consider employing a chief information security officer (CISO) if they haven’t already done so. Tactical hiring is often the first step toward enacting positive organizational change.
In addition, government IT leaders must consider implementing an information security campaign. Human error is still the cause of 90 percent of ransomware breaches, usually through commonly avoidable phishing attacks. And yet 60 percent of states have no mandatory cybersecurity training program. IT leaders must rectify this by enacting organization-wide cybersecurity training protocols that are (1) frequent and (2) actionable. Remind employees that strong passwords and due diligence in outside-organization communication can go a long way in protecting the organization.
Once an IT leader has accepted that threats are inevitable, they’re probably ready to create a process improvement roadmap. Doing so will involve assessing an organization’s vulnerabilities. IT leaders should conduct frequent vulnerability assessments by simulating a system-wide attack and analyzing which systems are maintained and which may have been downed by the "ransomware" at play. Once an IT team identifies areas of improvement, the framework for improvement will become much more straightforward.
Or, in some cases, it may be sensible to speak with trusted partners and third-party vendors to understand system susceptibilities. Proven cybersecurity experts will know what to suggest -- not only for state and local governments but for any government organization’s exact IT framework. Internal patching or external infrastructure reevaluation are both solid options for improvement regarding ransomware. The only incorrect course of action is to rest and wait for ransomware to detect an organization’s weak points first.
John Gray is CTO of InterVision, a leading managed services provider, delivering and supporting complex IT solutions for mid-to-enterprise and public sector organizations throughout the US. With more than 25 years of experience and one of the most comprehensive product portfolios of managed IT service offerings available in the market, the company is uniquely positioned to guide clients through any stage of their technology journeys.