States need better data recovery to forestall ransomware threats

State agencies’ data is increasingly at risk to ransomware attack, in part due to poor backup and recovery practices, according to findings from a new survey.

Among state IT and agency leaders polled, 69 percent said it would take their agency from 12 hours to over a month to recover the most critical data if it was affected by a ransomware attack.

Read the full report.

The study also found that 32 percent of state IT respondents have been victim of a ransomware attack within the last three years, compared to 30 percent of federal IT respondents. Of those agencies affected by ransomware attacks, 1 in 4 respondents said their agency paid the ransom — and in 1 in 10 cases, they still weren’t able to recover their data.

Overall, 8 in 10 government IT officials believe ransomware will be as great, if not a greater threat in the coming year.

The report, “Ransomware threats: Is your agency ready?” highlights findings from a survey of 150 state and federal government IT decision makers and was produced by StateScoop and its sister publication, FedScoop, and underwritten by Veritas Technologies.

Ransomware’s impact to mission for state agencies

Successful ransomware attacks can have costly consequences. Half of state officials in the survey cited unbudgeted expenses for remediation (53%) and prolonged loss of services (49%) representing the greatest impacts to their program if it suffered a critical loss of data.

The City of Baltimore, for example, was victim to a sizeable attack in March, which cost the city $18 million dollars collectively for both recovery and lost revenue.

Additionally, agency leaders see the impact of ransomware beyond the loss of data. It also compromises employee productivity and institutional trust and requires substantial effort to reconstruct department records. These concerns are part of the reason some agencies opt to pay a ransom.

“We had to make a determination on whether to pay. We could have literally been down months and months and spent as much or more money trying to get our system rebuilt,” said a county manager for Jackson County, Florida, in a comment quoted in the report.

Combatting ransomware attacks with data backup and recovery policies

How long would it take the agency department to fully recover its critical data from a ransomware attack? (StateScoop graphic)

Ransomware attacks have already hit hard in cities like Baltimore and Atlanta, and the risk is growing. The rising risk should be a concern for agencies who may not be prepared to recover from an attack. Only 17 percent of respondents reported their agency could recover its most critical data in less than 12 hours if it was attacked.

Agencies take a myriad of measures to protect their data, with 7 in 10 state and federal respondents specifically relying on data backup and recovery systems as well as anti-virus and endpoint security solutions to combat ransomware and malware. However, the broader findings suggest agencies may not have sufficient response plans in place and that their ability to detect threats may not be sufficient to prevent damaging attacks.

Only half of respondents, for instance, reported having procedures to recover or isolate ransomed data. Far fewer have plans in place to engage with law enforcement and cyber specialists.

This indicates that agencies could use more help not only to identify appropriate detection and response technologies, but also in creating appropriate response procedures in the event of an attack.

What ransomware victims say

Those who experienced an attack tend to rank the actual impact differently from those who haven’t experienced an attack, also suggesting that officials may not be fully estimating the potential impact of such an incident.

Respondents affected by ransomware attack, for instance, said the biggest impact was on national security risks, prolonged loss of services and unbudgeted expenses for remediation. Those not yet affected believed ransomware would have the greatest impact on employee productivity and citizen services.

The scope and impact of statewide ransomware attacks comes into sharper view in a new database visualized in an interactive “Ransomware Attacks Map,” [LINK] released in October 2019 by StateScoop.

Federal/State respondents: Did your agency pay a ransomware to recover its data? (StateScoop graphic)

“Ransomware attacks are only getting worse. The actors are shifting their business models and going to more coordinated attacks like we saw in Texas [in 2019],” said Chris Krebs, in director of DHS Cybersecurity and Infrastructure Security Agency, in a comment quoted in the report.

The threats continue to challenge government agencies to keep up, with 57 percent of respondents saying the evolving sophistication of attacks is the top obstacle to improving defenses.

With mounting costs from ransomware attacks across the country, state agency leaders will need to look beyond established IT security measures and focus new attention on emergency cyber preparedness and data recovery capabilities.

Download the report, “Ransomware Threats: Is Your Agency Ready?” for detailed findings and guidance on ransomware and its impact in the public sector.

This article was produced by StateScoop and underwritten by Veritas Technologies.