This blog is the second of six upcoming articles about the growing cybersecurity threat known as ransomware. GovLoop partnered on this series with Veritas Technologies, LLC, a data management software company and ThunderCat Technology, an IT solutions provider. Working together, we aim to explain what ransomware is and how federal agencies can prepare for, respond to and survive potential attacks.
A new survey of government IT officials suggests most federal agencies would struggle to quickly recover from a serious cybersecurity threat.
According to a December 2019 survey conducted by Scoop News Group on behalf of Veritas Technologies, LLC, only 34% of federal IT decision-makers said their agency could fully recover from a ransomware or malware attack in 12 hours or less.
Ransomware is a dangerous type of malware, or software that’s created to intentionally damage devices and systems such as computers, networks and servers. Unlike other kinds of malware, ransomware threatens to publish the victim’s data or block user access until a ransom is paid.
Unfortunately, ransomware is becoming more common as cybercriminals profit from using it against agencies and other victims.
“Ransomware is the new front of combat for America and the world,” said Rick Bryant, National Healthcare Architect and Practice Director at Veritas. “It can create a black mark on the federal government. You expect those agencies to have the highest level of security. We lose confidence in their ability to protect us.”
The survey further illustrates how disruptive ransomware and other malware can be in that just 20% of federal respondents in the survey said their agency could recover from both problems in four hours or less.
Another 14% said that their agency could rebound in five to 12 hours. After that, 15% said 12 to 24 hours, and 20% said over a day. On the more extreme end, 8% said their agency would need over a week to heal from a ransomware or malware attack, while 9% said they’d require over a month — and 4% said they could never recover.
Across every level of government, ransomware can disrupt public services, cause unexpected financial costs and hurt citizens’ trust in agencies.
At federal agencies, the danger from ransomware only grows when national security enters the equation.
The Treasury Department announced in September 2019 that North Korean state-sponsored hacking groups had conducted ransomware attacks. Treasury noted that the campaigns ultimately helped fund North Korea’s missile and weapons programs, both of which it has repeatedly used to threaten the U.S.
“Ransomware can perpetuate recruitment to terrorist organizations,” Bryant said. “When I learned about North Korea funding its missiles with ransomware, that was a huge wakeup call for me.”
Other agencies have similar concerns. Forty-five percent of federal participants in the recent survey ranked national security as the top concern when asked how data loss due to ransomware could affect their mission. Another 45% said employee productivity loss would have the biggest impact.
Other concerns include prolonged loss of services (39%), unbudgeted expenses for remediation (35%) and loss of institutional trust (31%).
Bryant said that ransomware is increasingly worrisome because agencies are spreading their data across multiple locations and mediums.
“That’s the biggest problem we have,” he said. “There’s so much data being created in so many different forms in different places. It’s also hard to administer and maintain it. If they don’t know where the data’s at, how can they protect it?”
Bryant recommended that agencies address ransomware by creating a unified plan for all the data in their physical, virtual and cloud computing environments.
Comprehensive data plans such as these, he argued, can help agencies withstand and recover from ransomware attacks. In the survey, 72% of federal respondents said that their agency has a data backup and recovery strategy.
Despite this, the growing complexity of IT implies agencies must stay one step ahead of ransomware or risk suffering a painful cybersecurity incident.
To learn more about how ransomware is influencing federal and state IT decision-makers, click here to read Veritas Technologies, LLC’s recent survey.