Three in four Americans worry that ransomware hackers are a threat to their personal data, a new IBM Security study showed.
IBM Security’s research, as conducted by Morning Consult, is based on 2,200 online interviews of U.S. adults. The vendor’s Local Government and Ransomware Study examines Americans’ understanding of the severity of ransomware attacks, what they’re willing to contribute from their tax dollars, how they feel government leaders are handling the issue, and how they prioritize the services that are being targeted during attacks.
Here are 10 key findings from the report:
- 75% worry about threats to their personal data.
- 68% are concerned about the threat of ransomware to their specific city.
- 79% of Americans are concerned about the threat of ransomware to cities across the U.S.
We ain’t paying.
- 56% of Americans would disapprove of their local government using tax dollars to pay a ransomware hacker.
- 63% of respondents would prefer to pay higher repair costs and not pay a ransom rather than using taxpayer dollars to pay for a ransom.
- Half of Americans know nothing about ransomware, and only 17% are very familiar with it.
- More than half of Americans would not be willing to pay additional taxes to protect their city, county, or town from attacks.
- Among those who are unwilling to pay additional taxes for cybersecurity, respondents are split 50-50 on whether they would support cutting funding from other local priorities for cybersecurity.
Who’s going to protect us?
- 49% of respondents view the federal government as having the greatest responsibility to protect cities from ransomware attacks, vs. 22% seeing it as a state-level responsibility and 28% viewing it as the responsibility of the local government.
- 88% of Americans believe in increasing federal funding for local governments to improve their cybersecurity infrastructure, and 76% believe the federal government should reimburse cities for damage from cyber attacks.
“The use of ransomware to hold cities hostage for ransom payments continues to grow, and as those impacted pay off the attackers’ ransom, the more the price continues to increase,” said Wendi Whitmore, IBM Security’s vice president of X-Force Threat Intelligence. “One common misconception is that paying the ransom immediately solves the problem, however doing so doesn’t always guarantee swift recovery of infected devices. It requires significant time and investment to decrypt devices, and there’s always the chance that paying criminals still won’t result in unlocked files at all.”
Ransomare Risk Mitigation: IBM's Advice
What can organizations, cities, government entities, and other bodies do to prepare for a ransomware attack? IBM offers the following recommendations :
Rehearse and test: It’s not if an incident response plan will be challenged but a matter of when.
Backup: Ensuring departments have effective backups of critical systems and are testing these backups is more important than ever.
Set an action plan: Consider developing a capability to set up a short-term, quick turnaround business function to enable continued operations while an attack is being remediated.
Patch: Ensure all systems are patched with the latest software updates.
Empower employees: Some of the best responses to cyberattacks stemmed from empowered employees that were allowed to take calculated risks to save digital assets.
Hire an ethical hacker: Learn your group’s risk level by having an hacker hack your department before a cyber criminal does.