Though state and local governments are aware of the threat posed by ransomware, few are confident in their ability to defend against and repair the damage of today’s attacks, according to a recent MeriTalk survey.
“People understand the threat, but three-quarters feel like they can’t thwart an attack,” said Stephen Ellis, public sector marketing lead at RSA Security, which underwrote the survey.
Ellis listed three reasons why state and local governments might be struggling with their response to ransomware: the newness of the threat, the expanding perimeter that agencies have to protect, and the federated nature of agency IT departments.
“The brazenness of these criminals to go after government agencies is somewhat new,” Ellis said, explaining that, though ransomware has been around for a while, it is only in the past couple of years that hackers have been willing to go after riskier government targets. “That threat landscape is expanding pretty rapidly.”
The study found that nearly half of respondents expect ransomware attacks to increase over the next two years. And when hacks do happen, 46 percent said that they are very likely to know how many computers were affected.
According to Ellis, this number is surprisingly high, since the definition of a computer has expanded so much during the past few years.
“I don’t know that they’re as aware about what a computer is anymore,” said Ellis. “Are they thinking about computers in the sense of their infrastructure or are the respondents thinking of computers as, say, the body cams on their police officers?”
When it comes to combating ransomware threats, the survey found that over one-third of execs say that not all employees have taken ransomware training in the past year.
According to Ellis, though there is some debate as to whether ransomware training has any significant impact, training in other areas such as phishing has certainly raised awareness about using caution with email and other types of communication.
“I think that has had an impact on those types of threats,” Ellis said. “You need to get the message in of using government IT systems in a way that is compliant.”
To prepare for incoming threats, the survey suggests implementing resources to monitor the threats, looking deeper and broader throughout the network for related events, and improving behavior-based detection.
“I think there’s a huge opportunity for a state government leader to come in and make some priority changes,” said Ellis. “It all starts with threat detection and response.”
He added that agencies should change their mind-set from prevention to retaliation since “these people are going to get into your systems.”
On the positive side, Ellis says that state and local ransomware preparedness matches up “pretty favorably with the commercial world.” Government has the advantage over industry through established purchasing and a more intensely committed workforce, while industry is more likely to have new infrastructure that is easier to make compliant.