Security

Why Feds Need to Take Ransomware Seriously

A recent survey indicates that federal agencies are experiencing ransomware attacks at roughly the same rate as state governments.

Phil Goldstein

Twitter

Phil Goldstein is a former web editor of the CDW family of tech magazines and a veteran technology journalist. He lives in Washington, D.C., with his wife and their animals: a dog named Brenna, and two cats, Grady and Princess.

Ransomware attacks are definitely the scourge of state and local governments, as attackers continue, with increasing sophistication, to encrypt agencies’ files and hold them hostage for a ransom payment.

However, federal agencies are also prime targets for ransomware, and a recently released survey indicates that they are underprepared for such attacks.

In August 2019, FedScoop and StateScoop conducted an online survey, underwritten by Veritas Technologies, of 150 prequalified government IT decision-makers about their agencies’ perceptions of ransomware and data recovery capabilities. Of the respondents, 74 were in the federal government.

According to the survey, almost the same share of federal agency respondents (30 percent) as state agency respondents (32 percent) have experienced a ransomware attack. Federal respondents worry most about risks to national security and employee productivity losses; state respondents worry most about unbudgeted costs to recover from an attack.

Just 34 percent of federal respondents and 17 percent of state respondents said their agency could fully recover their most critical data within 12 hours of a ransomware or malware attack.

Meanwhile, despite FBI and Department of Homeland Security recommendations not to pay a ransom to recover data, 24 percent of affected respondents said their agency did so — often without regaining their data, according to the survey.

The Challenges Feds Face on Combating Ransomware

According to the survey, 78 percent of respondents believe ransomware and malware will continue to be a growing concern in the next 12 months.

“Ransomware attacks are only getting worse. The actors are shifting their business models and going to more coordinated attacks like we saw in Texas,” Chris Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency, says in the survey’s report.

Government agencies face numerous external and internal challenges to guard against ransomware and malware threats. These challenges include the evolving sophistication of attacks (cited by 57 percent of respondents), the growing proliferation of attacks (49 percent), poor user awareness (44 percent), and a lack of budget (42 percent).

One-fifth of federal respondents reported that it would take more than a day to recover data following a ransomware attack, and 8 percent reported it would take more than a week. “As agency services depend increasingly on real-time data, leaders may need to reassess whether their backup and recovery strategies meet emerging threats,” the survey report notes.

Half of survey respondents said their agencies have procedures in place to recover or isolate data in the event of a ransomware or malware attack. However, fewer respondents (35 percent) said they have procedures to notify law enforcement and engage cybersecurity specialists, “suggesting agencies’ ransomware response plans remain incomplete,” the report states.

More than 7 in 10 agency respondents said their agencies use data backup and recovery tools and anti-virus and/or endpoint security solutions to combat ransomware and malware threats.

However, the report notes that to combat the threat of ransomware, federal and state cybersecurity experts stress that agencies should make sure they back up critical systems and configurations daily on a separate device; expand employee training to recognize phishing attempts and suspicious links; and revise incident response plans that treat cyberattacks more like disasters.

Vladimir_Timofeev/Getty Images