Fully 53 percent of U.S. state and local governments and educational organizations lack a ransomware recovery plan, according to survey results gathered by Palo Alto Networks and the Center for Digital Government (CDG).
The figure reinforces the gaping disconnect between government organizations and schools -- and the potential fallout from ransomware attacks. Ill-prepared organizations often pay millions of dollars to restore data and rebuild networks after a ransomware attack. Example victims include:
- The City of New Orleans ($7 million in damages from ransomware attack);
- Atlanta ($17 million); and
- Baltimore (at least $6 million).
State and Local Government: Ransomware Research Perspectives
The irony: Nearly 80 percent of state and local IT leaders said they believe ransomware is an ongoing threat to their organizations and will not disappear any time soon, the survey indicated. Moreover:
- More than 90 percent of respondents with a plan are confident their organization could survive a ransomware attack, while only 56 percent of those without a plan share that confidence.
- 79 percent disagreed with the statement that ransomware will subside significantly over the next 12 to 18 months.
- Over 75 percent expressed confidence in their organization's ability to prevent compromise via common attack vectors.
- At least 67 percent said they need to make additional investments to respond effectively to ransomware attacks.
- 31 percent have a completed incident response plan for ransomware, and 22 percent did not know if they had made such preparations.
Ransomware-as-a-service and various sophisticated technologies are making it easier than ever to execute ransomware attacks, Palo Alto Networks indicated. As such, ransomware attacks look poised to increase in severity and volume in the foreseeable future, and state, local and educational organizations must plan accordingly.
How Can State, Local and Educational Organizations Protect Against Ransomware Attacks?
State, local and educational IT officials cited providing employees with security for their home networks (41 percent) and hiring more IT or security staff (37 percent) as the top things they can do to protect against ransomware attacks, the survey showed.
In addition, partnering with an MSSP provides a viable option for state, local and educational organizations to guard against ransomware attacks, the survey revealed.
