IBM-Harris Poll: State, Local Governments Remain Unprepared for Ransomware

Despite increasing ransomware attacks on state and local governments, a high number of employees have seen no change in preparedness from their employers.

That’s according to a new Harris Poll survey sponsored by IBM Security, which polled 690 employees who work for state or local government organizations in the United States.

Seventy-three percent of government employees surveyed are concerned about impending ransomware threats to cities across the country, and more employees fear cyberattacks to their community than natural disasters and terrorist attacks.

IBM’s Christopher Scott

Christopher Scott, global remediation lead for IBM X-Force Incident Response and Intelligence Services (IRIS), tells us the security industry is seeing a skills gap, and it’s even more difficult for state and local governments to secure top security talent.

“However, government decision makers should understand that they don’t need to be handling these issues alone and that securing assistance from MSSPs can help to strengthen their security defenses,” he said.

More than 100 cities across the United States were hit with ransomware in 2019, according to research from Emsisoft. The Harris survey found one in six respondents disclosing their department was impacted by a ransomware attack.

Despite the growth of these attacks, half of the employees surveyed have not seen any change in preparedness from their employers, with only 38% receiving general ransomware prevention training. Also, budgets for managing cyberattacks have remained stagnant according to 52% of state and local government IT/security professionals polled.

“Governments should be ensuring their teams are maintaining and testing backups of their systems, patching systems, creating and implementing incident response plans, and regularly testing their preparedness via threat simulations,” Scott said. “If employees are armed with the proper next steps, governments can avoid crucial missteps and save time in incident response and recovery. Beyond that, providing basic cybersecurity training and raising awareness around common cyber threats is a great starting point.”

Some general best practices include:

• Be cautious of suspicious emails;
• Encourage multifactor authentication (MFA) and biometric authentication;
• Avoid using the same password on multiple sites and utilize a password manager;
• Patch and backup your devices consistently; and
• Be sure not to give others access to your online accounts such as email.

Election security is top of mind for government employees, according to the survey. Some 63% of respondents are concerned that a cyberattack could disrupt the upcoming elections, with most government employees placing their local board of elections among the top three most vulnerable systems in their communities.

The Cybersecurity Infrastructure Security Agency (CISA) has warned that ransomware attacks, in particular, pose a heightened risk to the elections. According to the study, the fear of ransomware attacks feels real to the vast majority of responding government employees, with 73% expressing concerns about threats to U.S. cities.

“The world of cybersecurity continues to evolve and there are real threats to many of our cherished and trusted systems,” Scott said. “For these systems, making sure that people are paying attention to anything suspicious with voting machines and securing them through functions such as red-team…