Local Governments Are Hit Harder and More Often by Cyber Attacks

The Voice • August 2019

A document published in May 2019 by Recorded Future revealed that 169 instances of ransomware attempts against state and local governments had taken place since 2013. Once the attacks had taken root, demands were made and prices were paid- in some instances. According to the report, 17% of the afflicted government bodies paid the requested ransom – ranging anywhere from thousands to well over $100,000, including a payout from Rivera City, Florida, where a $600,000 ransom was paid.

As cyber threats become more numerous, and more dangerous, it is becoming increasingly obvious that government agencies are an easier mark than most would like to admit. Statistically speaking, public-sector targets of cyber attacks pay 10 times more, on average, than their private sector cohorts. This type of history alerts future cyber terrorists that those agencies are targets ripe for big payouts. But the real questions is this- why are these local and state government bodies easier targets? There’s several details to consider, such as the lack of a singular law enforcement agency tasked with responding to these attacks. The FBI, one of the primary sources for cyber attack resolutions on larger scales, relies on victims to self-report, which limits the work that can be done to resolve the issue before it’s too late.

Cyber terrorists are evolving and doing their best to stay ahead of the underfunded security measures that far too many government bodies employ. Some attackers spend weeks scouting their target, noting habits, technological limitations, and even constructing files on individual employees for more targeted phishing attempts. These hackers range in form from individuals doing their best on their own, to members of a criminal organization. Whether they are one or many, it has become increasingly, and alarmingly, easy for these criminals to target public sector agencies. Many victims are stuck with the bill while the FBI struggles to gain ground. Increased awareness is valuable, but to be prepared and proactive is better than to scramble for a potential recovery solution.

[1] https://statescoop.com/ransomware-local-government-pays-10-times-more/
[2] https://www.engadget.com/2019/07/26/local-governments-are-still-woefully-unprepared-to-fight-ransomw/?guccounter=1