US government authorities fail to train employees on ransomware detection, prevention

New research suggests that the majority of state and local governments are not rising to the challenge of mitigating ransomware threats.

DHS: Ransomware attack hit US gas pipeline operator

The majority of state and local government agencies are failing to prepare their employees to spot cyberattacks or teach them how to handle ransomware incidents in the workplace, new research suggests. 

On Thursday, IBM Security released the results of a new study, conducted on its behalf by The Harris Poll, containing responses from close to 700 US local and state employees in IT, education, emergency services, and security departments. 

The research, taking place between January and February this year, reveals that only 38% of local and state employees have received any training in general ransomware prevention, which may include learning how to spot phishing attempts, the threat of social engineering, and basic security hygiene in the workplace.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

Ransomware is available in many forms and has distinguished itself in underground marketplaces as a lucrative means to generate profit for criminals. Once established on a vulnerable system, this strain of malware will often encrypt files or disks, lockdown systems, and display a blackmail note demanding payment in return for a key to decrypt the victim's files and restore access.

We've seen across the US and beyond just how debilitating ransomware can be -- the global WannaCry outbreak, the Travelex incident, and the recent attack against a Department of Defense (DoD) contractor come to mind -- potentially leading to the full shutdown of systems, downtime pegged at an average of over two weeks, and a hefty bill for organizations to repair the damage caused post-infection. 

In addition to a lack of awareness training for staff, budgets for managing cyberthreats have remained stagnant over the past year, according to 52% of respondents, despite over 100 cities across the United States experiencing some form of ransomware infection over 2019 including New York, Massachusetts, and New Jersey.

See also: New ransomware attacks target your NAS devices, backup storage

The poll found that 73% of government employees are concerned about future ransomware attacks against US cites and organizations -- while in contrast, worries surrounding future terrorist attacks or natural disasters are further down the list when it comes to emerging threats. 

Almost 10% of those surveyed from local and state teams said that they have no dedicated security team in place. 

The public school and education sector appear to be the least prepared, with 44% of respondents saying they have received no cybersecurity training at all, and 70% have no idea how to handle a cyberattack. 

Despite a lack of training, however, some sectors have displayed what IBM calls "overconfidence" in their ability to handle ransomware incidents. 

screenshot-2020-02-27-at-10-58-48.png

CNET: iBaby monitor vulnerable to hacking

As ransomware attacks are fully capable of impacting customer-facing systems and services, a shift in the general public's view of how they should be handled is also emerging. 

In 2019, 50% of respondents to the same poll said it was the federal government's responsibility to protect cities from ransomware. Now, this number has increased to 78%. 

TechRepublic: How to create a Linux user that cannot log in

The majority of survey respondents, 76%, now also believe that ransomware and other serious cyberattacks should be treated in the same way as natural disasters, saying that digital warfare warrants the same emergency support from government agencies -- and potentially from taxpayer coffers, too. 

"The emerging ransomware epidemic in our cities highlights the need for cities to better prepare for cyberattacks just as frequently as they prepare for natural disasters," said Wendi Whitmore, VP of Threat Intelligence at IBM Security. "The data in this new study suggests local and state employees recognize the threat but demonstrate some overconfidence in their ability to react to and manage it. Meanwhile, cities and states across the country remain a ripe target for cybercriminals."

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0