While state and local governments see fewer ransomware attacks than other industry sectors, government organizations are more likely to have their data encrypted and are significantly less able to stop ransomware attacks before that step, according to cybersecurity company Sophos.
The U.K.-based cybersecurity firm says 72% of state and local government organizations had their data encrypted during ransomware last year, 7% more than the cross-sector average. Government organizations were less able to stop the attack before data could be encrypted, as just 20% could do so.
The government sector is also increasingly less able to recover encrypted data after paying the ransom, with 58% of such data recovered in 2021 versus 70% in 2020, lower than the cross-sector average of 61%, according to Sophos.
Last year also saw a 70% rise in the number of ransomware attacks against local government, and 58% were targeted when compared to 34% in 2020.
Further speaking to the IT challenges of local governments, the cost for government organizations to remediate an attack was three times the average ransom the sector paid, according to Sophos.
Sophos cites the 2018 ransomware attack against Atlanta, Georgia, which ended up paying $17 million to recover from an attack that asked for $50,000 in ransom.
“This is often the case with local and state government organizations—they spend far more on recovering and catching up with current security practices than they do on the actual ransom demand, should they choose to pay it,” says Chester Wisniewski. “While getting the initial buy-in may be hard, in the long term, preemptive cybersecurity measures are a far better alternative than bolstering defenses after an attack.”
According to Wisniewski, principal research scientist at Sophos, government organizations are historically not prime targets for ransomware attackers because they don’t have as deep pockets as their private organization counterparts.
“However, when these organizations do get hit, they have little in the way of protection because they don’t have the budget for additional, in-depth cybersecurity support, including threat hunting teams or security operations centers,” Wisniewski says.
However, government agencies collect a large amount of sensitive information, and they need to keep that information easily accessible and secure. Making matters worse is that taxpayers typically want to see their tax dollars at work cleaning their streets and improving their schools.
“They can’t ‘see’ a cyberattack or understand why a Managed Detection and Response (MDR) provider might be necessary to defeat ransomware,” Wisniewski says.