State and local governments are facing a never-ending wave of ransomware and other cyber attacks.
2020 saw 44 percent of global ransomware attacks targeting municipalities, with a full third of municipalities targeted that year—and that number doubled in 2021, with 6 out of 10 state or local governments experiencing an attack. In these attacks, data is often encrypted, meaning that financial gain for the attackers leads to chaos and disruption for the government and the public.
While ransomware is up across every industry (as are cyber attacks in general) there’s a few key lessons we can learn to protect state and local governments in the future. Hackers are not haphazard, and government entities are targeted for a reason. The main questions are why, and what can be done to slow the threats?
How Government Entities Are Attacked
From taking down county websites in Colorado to holding school districts for ransom to putting a dozen airport websites offline, local and state governments are experiencing consistent attacks from a multitude of angles.
Just one example this year was Fremont County, Colorado. The county was hit by ransomware which knocked the county website offline, as well as restricted internal access to email and other applications by employees. In effect, all county business was halted, and buildings were closed. Thankfully, the county was able to put up a temporary, back-up site to inform citizens.
In Quincy, Illinois, citizens ended up footing the bill for legal fees that resulted from compromised files during a spring cyber attack. While the original attack was months ago, multiple tools are still offline.
Here are some statistics that highlight how governments are falling prey to threat actors:
- Social engineering is the most common attack method, with 69% of attacks caused by social engineering
- 2,323 local governments were attacked in 2021
- 75% of local governments are attacked at a “near constant” rate
- Tribal governments are also being attacked — tribal casinos are a top target for hackers
Government entities are in the crosshairs of hackers. They need to understand why they’re vulnerable and how to take concrete action.
Why Are State and Local Government Entities Targeted?
There are multiple reasons that governments find themselves targeted over and over by cybercriminals. One reason is the same as other industries, they have what hackers want: valuable data they can use or sell on the dark web. Personal information fetches a pretty penny. But there are a few attributes that make government entities unique targets.
1. There is a lack of training among government employees.
If social engineering is targeting government employees, that’s because it works. Organizations need to rethink how they approach security training and employ a method that does more than check a box on an annual compliance report.
2. There is a lack of funding and staffing.
Local governments are not flush with cash, so investing in new technologies, processes, and other items needed to meet modern cybersecurity standards can be difficult. An attack will be much more costly than appropriate cybersecurity investments—but for cash-strapped local governments, it can seem like the only available option is to spend nothing and hope for the best. Cost is the number one factor for organizations establishing a security program. The federal government is hoping to change this with new grants.
In addition, the cybersecurity expertise gap is hitting the government hard, where wages may not be as high as in the private sector and opportunities may not be as lucrative. IT teams are finding themselves overwhelmed and undertrained when it comes to meeting new threats and improving the security environment of their organization. Across industries, 76% of organizations cannot achieve security goals due to staffing shortages.
3. There are a lot of state and local government entities for hackers to choose from.
There are over 90,000 different local governments in the U.S. and that doesn’t include state governments, tribal governments, or government-related entities like police departments and county offices. Cyber criminals can take a broad attack approach, especially with phishing attacks, and will probably land a major catch.
4. Governments are more connected than ever.
Digitization breeds risk, and as governments connect to the internet, they are creating new risks for their organizations and users. 99% of organizations (across industries) utilize the cloud, but there is a massive cloud-skills shortage.
How State and Local Governments Can Protect Themselves From Future Attacks
As attacks and statistics show, the threat for government entities is imminent and needs to be taken seriously. But that’s easier said than done. However, there are a few actions they can take to improve their security posture in both the short and long term.
- Apply for government grants. As part of The Infrastructure Investment and Jobs Act (IIJA), the federal government is handing out hundreds of millions to local governments.
- Invest in security awareness training. Users are targeted because hackers know they’re undertrained and will fall for a phishing scheme that could lead to a major ransomware attack. Proactive training prevents reactive remediation.
- Partner with an external security operations provider. With staff shortages and stagnant budgets, building out security operations in-house is almost impossible, and the fact is governments need more than technology they don’t have a team to manage.
Learn more about what governments can do to protect themselves with our “State and Local Cybersecurity Checklist.”
See how Arctic Wolf has helped governments improve their security posture with our case study on the Bay Area.