< BACK TO BLOG

December 6, 2022
by Arctic Wolf

Why State and Local Governments Are Targeted by Cyber Attackers

State and local governments are facing a never-ending wave of ransomware and other cyber attacks.

2020 saw 44 percent of global ransomware attacks targeting municipalities, with a full third of municipalities targeted that year—and that number doubled in 2021, with 6 out of 10 state or local governments experiencing an attack. In these attacks, data is often encrypted, meaning that financial gain for the attackers leads to chaos and disruption for the government and the public.

While ransomware is up across every industry (as are cyber attacks in general) there’s a few key lessons we can learn to protect state and local governments in the future. Hackers are not haphazard, and government entities are targeted for a reason. The main questions are why, and what can be done to slow the threats?

How Government Entities Are Attacked

From taking down county websites in Colorado to holding school districts for ransom to putting a dozen airport websites offline, local and state governments are experiencing consistent attacks from a multitude of angles.

Just one example this year was Fremont County, Colorado. The county was hit by ransomware which knocked the county website offline, as well as restricted internal access to email and other applications by employees. In effect, all county business was halted, and buildings were closed. Thankfully, the county was able to put up a temporary, back-up site to inform citizens.

In Quincy, Illinois, citizens ended up footing the bill for legal fees that resulted from compromised files during a spring cyber attack. While the original attack was months ago, multiple tools are still offline.

Here are some statistics that highlight how governments are falling prey to threat actors:

Social engineering is the most common attack method, with 69% of attacks caused by social engineering
2,323 local governments were attacked in 2021
75% of local governments are attacked at a “near constant” rate
Tribal governments are also being attacked — tribal casinos are a top target for hackers

Government entities are in the crosshairs of hackers. They need to understand why they’re vulnerable and how to take concrete action.

Why Are State and Local Government Entities Targeted?

There are multiple reasons that governments find themselves targeted over and over by cybercriminals. One reason is the same as other industries, they have what hackers want: valuable data they can use or sell on the dark web. Personal information fetches a pretty penny. But there are a few attributes that make government entities unique targets.

1. There is a lack of training among government employees.

If social engineering is targeting government employees, that’s because it works. Organizations need to rethink how they approach security training and employ a method that does more than check a box on an annual compliance report.

2. There is a lack of funding and staffing.

Local governments are not flush with cash, so investing in new technologies, processes, and other items needed to meet modern cybersecurity standards can be difficult. An attack will be much more costly than appropriate cybersecurity investments—but for cash-strapped local governments, it can seem like the only available option is to spend nothing and hope for the best. Cost is the number one factor for organizations establishing a security program. The federal government is hoping to change this with new grants.

In addition, the cybersecurity expertise gap is hitting the government hard, where wages may not be as high as in the private sector and opportunities may not be as lucrative. IT teams are finding themselves overwhelmed and undertrained when it comes to meeting new threats and improving the security environment of their organization. Across industries, 76% of organizations cannot achieve security goals due to staffing shortages.

3. There are a lot of state and local government entities for hackers to choose from.

There are over 90,000 different local governments in the U.S. and that doesn’t include state governments, tribal governments, or government-related entities like police departments and county offices. Cyber criminals can take a broad attack approach, especially with phishing attacks, and will probably land a major catch.

4. Governments are more connected than ever.

Digitization breeds risk, and as governments connect to the internet, they are creating new risks for their organizations and users. 99% of organizations (across industries) utilize the cloud, but there is a massive cloud-skills shortage.

How State and Local Governments Can Protect Themselves From Future Attacks

As attacks and statistics show, the threat for government entities is imminent and needs to be taken seriously. But that’s easier said than done. However, there are a few actions they can take to improve their security posture in both the short and long term.

Apply for government grants. As part of The Infrastructure Investment and Jobs Act (IIJA), the federal government is handing out hundreds of millions to local governments.
Invest in security awareness training. Users are targeted because hackers know they’re undertrained and will fall for a phishing scheme that could lead to a major ransomware attack. Proactive training prevents reactive remediation.
Partner with an external security operations provider. With staff shortages and stagnant budgets, building out security operations in-house is almost impossible, and the fact is governments need more than technology they don’t have a team to manage.

Learn more about what governments can do to protect themselves with our “State and Local Cybersecurity Checklist.”

See how Arctic Wolf has helped governments improve their security posture with our case study on the Bay Area.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

Continue Reading

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognize and neutralize social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyze.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

Understanding ransomware — from its origins to its impacts to the TTPs that allow ransomware gangs to exploit victim organizations and make off with millions in ransom payments and extortion fees.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organization.

Learn how our Concierge Security® and Triage Security Teams help end cyber risk.

SECURITY BULLETINS

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

CVE-2024-3400: Critical Vulnerability in GlobalProtect Feature of PAN-OS being Actively Exploited

COMPANY