The public sector has become a favored target for cyber criminals. Armed with automated botnets, hackers rummage through computer systems to locate undersecured “soft targets.” In recent years, U.S. state and local government agencies have fallen prey to cyber attacks. Legacy security is proving ineffective against the growing legion of diverse, sophisticated, and confrontational cyber threats.
Public agencies collect and store sensitive data. Like the private sector, government institutions have gone digital. The addition of cloud, mobile, and SaaS have expanded an organization’s attack surface. It further illuminates the fact that your cyber security is only as strong as your weakest point. In this whitepaper, we’ll discuss the two main cyber threats that public sector organizations face: ransomware and data breaches. We’ll then recommend foundational practices that can help bolster
your cyber security.
Public Sector Threat Landscape: Two Sides of a Tarnished Bitcoin
Ransomware: Ransomware is malware that infiltrates networks to freeze access to computer systems, and paralyze functionality until a ransom is paid, usually in Bitcoin cryptocurrency. However, dishing out coins is no guarantee that cyber criminals will restore your access to data, networks, or computers. Research carried out by CyberEdge Group shows that less than half of those who opted to pay the ransom were able to recover their files.2 Targeted ransomware attacks have been on the rise. In the U.S., more than 163 ransomware attacks targeted local and county governments in 2019, a 196% increase over the previous year. 3 In Europe, the EU warned that ransomware remains the top cyber crime threat, with governments being particularly vulnerable to such attacks.4 Furthermore, government agencies are particularly vulnerable because of the expanding attack surface, their use of outdated technology, and limited budgets.5
In the U.S., the FBI has issued a “High-Impact” cyber attack warning to businesses and organizations, citing the ongoing criticality of cyber threats.6 Losses from ransomware are on the rise as hackers are launching attacks that are more targeted, sophisticated,
StateScoop developed the interactive Ransomware Attacks Map, documenting 260 known public sector ransomware attacks in the U.S. since 2013.9 The authors noted the alarming increase in ransomware attacks over the last several years, with new high-profile incidents occurring every few weeks.
“At least three U.S. States will declare states of emergency due to waves of ransomware in 2020. Ransomware, which carried a price tag of over $10 billion this year in attacks, will continue to plague state and municipal agencies lacking appropriate skills, controls, and
ransomware countermeasures.” 8— Jon Oltsik, Senior Principal Analyst and Fellow,
Enterprise Strategy Group (ESG)
Download the full text here.
1 “The Internet is Mostly Bots,” by Adrienne LaFrance, The Atlantic, January 31, 2017.
2 “Ransomware: To Pay Or Not To Pay, That Is Still A Real Question, October 9, 2018.
3 “Ransomware Increasingly Targeting Small Governments,” by Robert Lemos, Dark Reading, March 11, 2020.
4 “European Union Finds Ransomware Is Top Cybercrime, VOA News, October 9, 2019.
5 “Ransoming Government,” by Pete Renneker, Deloitte, March 11, 2020.
6 “FBI Issues ‘High-Impact Cyber Attack Warning’ – What You Need to Know,” by Davey Winder, Forbes, October 3, 2019.
8 “42 More Cybersecurity Predictions for 2020,” by Gil Press, Forbes, December 12, 2019.
9 “Ransomware Attacks Map chronicles a growing threat,” by Benjamin Freed, StateScoop, October 22, 2019.