Vertical markets, Content, Content

Most State and Local Governments Still Lack Ransomware Cyberattack Response Plans

Imposing view of exterior of City Hall

Fully 53 percent of U.S. state and local governments and educational organizations lack a ransomware recovery plan, according to survey results gathered by Palo Alto Networks and the Center for Digital Government (CDG).

The figure reinforces the gaping disconnect between government organizations and schools -- and the potential fallout from ransomware attacks. Ill-prepared organizations often pay millions of dollars to restore data and rebuild networks after a ransomware attack. Example victims include:

State and Local Government: Ransomware Research Perspectives

The irony: Nearly 80 percent of state and local IT leaders said they believe ransomware is an ongoing threat to their organizations and will not disappear any time soon, the survey indicated. Moreover:

  • More than 90 percent of respondents with a plan are confident their organization could survive a ransomware attack, while only 56 percent of those without a plan share that confidence.
  • 79 percent disagreed with the statement that ransomware will subside significantly over the next 12 to 18 months.
  • Over 75 percent expressed confidence in their organization's ability to prevent compromise via common attack vectors.
  • At least 67 percent said they need to make additional investments to respond effectively to ransomware attacks.
  • 31 percent have a completed incident response plan for ransomware, and 22 percent did not know if they had made such preparations.

Ransomware-as-a-service and various sophisticated technologies are making it easier than ever to execute ransomware attacks, Palo Alto Networks indicated. As such, ransomware attacks look poised to increase in severity and volume in the foreseeable future, and state, local and educational organizations must plan accordingly.

How Can State, Local and Educational Organizations Protect Against Ransomware Attacks?

State, local and educational IT officials cited providing employees with security for their home networks (41 percent) and hiring more IT or security staff (37 percent) as the top things they can do to protect against ransomware attacks, the survey showed.

In addition, partnering with an MSSP provides a viable option for state, local and educational organizations to guard against ransomware attacks, the survey revealed.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.