Recently, we explored the continued growth and impact of ransomware attacks on the public sector. With trends and tactics in mind, it is critical for agencies to better understand the ransomware threat and learn how they can help protect their organizations from these attacks to avoid becoming the next media headline. A new report from Verizon, Don’t Be the Next Ransomware Victim, shares best practices and expert insights for agencies as they implement measures to counter this game-changing threat.

According to Verizon’s 2019 and 2020 Data Breach Investigations Report, cybercriminals have targeted government agencies with an estimated 330 ransomware attacks – almost triple the number of incidents reported in the five years prior. Federal agencies and the IT contractors they work with continue to be prime targets for bad actors. In June 2020, Digital Management Inc., a cybersecurity services provider that was contracted with NASA, the State Department, and Defense Department, was hit with a ransomware attack that resulted in leaked NASA files. While attacks like these on the federal government may seem few and far between, this is unfortunately far from the truth. It’s estimated that only about 10 percent of ransomware attacks are actually reported.

As these attacks continue to grow and evolve, it’s important that government agencies better understand why these threats are occurring and how to help prevent them. The report explored five areas that are impacting ransomware attack frequency:

Expanding Attack Surface: Day-to-day government operations rely on technology. Employees rely on devices such as computers, tablets, and phones to complete their tasks. The increase in Internet of Things (IoT) devices from parking meters to traffic cameras further exacerbates the challenges by creating additional — not to mention a wider variety of — endpoints requiring protection.

Budget Concerns: It’s rare for government organizations to have comparable budgets and resources to those found in the private sector. This strains teams with limited tools to protect data and respond to cybersecurity incidents.

Keeping Technology Up to Date: Many government agencies are further challenged in operating legacy systems that require constant maintenance and inspection. Budget constraints have placed limits on modernization and these budgetary shortfalls increase the challenge in having to take technology offline to perform updates.

Cybersecurity Staff Shortage: The on-going demand for skilled cybersecurity professionals continues to push upward pressure on salary ranges that the public sector cannot afford. This makes building an effective cybersecurity team to protect assets and defend cyberattacks a challenge.

Inadequate Cyber Training: To mitigate attack vectors and cyber vulnerabilities, agencies need to educate staff on an on-going basis about tactics, trends, and specific threats. This training requires insight and resources that government organizations may not have.

With these five factors in mind, how can agencies forge ahead to create a stronger security posture?

The report recommends maximizing IT security by following the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Using this as a guide, agencies can enhance their cybersecurity and incident response posture to protect critical infrastructure and devices.

Are you ready to bolster your security posture? Read the report here.