Survey indicates federal agencies lack adequate planning to recover from ransomware attacks

Federal agencies risk losing or compromising critical data from ransomware attacks if they don’t have sufficient policies and recovery systems in place, new study finds.
(source: FedScoop)

Despite news coverage suggesting ransomware attacks are primarily impacting state and local government, federal agencies are just as often at risk of attack, according to respondents in a new survey.

Among federal IT and agency leaders polled, 30 percent reported their agencies have been directly affected by a ransomware attack within the last three years, compared to 32 percent of state respondents.



The study also found that among those whose agencies had been affected, 1 in 4 opted to pay the ransom demand — and not always with success. One in 10 of those affected said they paid the ransom but were unable to recover their data.

The report, “Ransomware threats: Is your agency ready?” shows that agency leaders face a complicated mix of challenges to guard against cyberthreats. It also found that federal and state agencies may not be backing up their data frequently enough — or have the appropriate recovery plans in place — to avoid the impact of an attack.

The report highlights findings from a survey of 150 federal and state government IT decision makers and was produced by FedScoop and underwritten by Veritas Technologies.

Ransomware poses a growing threat to federal data security

Overall, 8 in 10 government IT officials believe ransomware will be as great a threat, if not a greater one, in the coming year.

“[Ransomware attacks are] only getting worse. The actors are shifting their business models and going to more coordinated attacks like we saw in Texas [in 2019],” said Chris Krebs, director of the DHS Cybersecurity and Infrastructure Security Agency, in a comment quoted in the report.


How long would it take the agency department to fully recover its critical data from a ransomware attack? (FedScoop graphic)

However, federal officials in the study viewed the potential consequences of a ransomware attack differently than their state counterparts. Federal respondents, for instance, identified national security as their biggest concern if their agency suffered a critical loss of data, while state officials said unbudgeted expenses for remediation were their top concern.

Despite these concerns, the findings indicate that agencies may not be prepared to recover from an attack if they are the next victim. Only 34 percent of federal respondents said their agency could recover its most critical data within 12 hours of an attack.

“As agency services depend increasingly on real-time data, leaders may need to reassess whether their backup and recovery strategies meet emerging threats,” the report observes.

Even though ransomware is a known threat to IT officials, respondents indicate their agencies still don’t have the appropriate policies in place in the event of an attack. Only half of respondents report having procedures to recover or isolate ransomed data. One-third indicated their agency has plans to engage with law enforcement.

Internal challenges combatting ransomware

Government agencies face several internal challenges that inhibit their ability to improve ransomware defense.

More than 4 in 10 respondents cited poor user awareness and lack of budget as obstacles. Three in 10 said their agency struggled with executive understanding or engagement on the risks, and with poor education on security solutions they could use.

The findings indicate that agencies could use more help from industry partners to identify appropriate and cost-effective threat detection or data backup and recovery technologies.

What ransomware victims say


Federal/State respondents: Did your agency pay a ransom to recover its data? (FedScoop graphic)

Those who experienced an attack said the impact their agencies suffered from the critical loss of their data included a risk to national security, prolonged loss of services and unbudgeted expenses for remediation.

“One of the measures of success comes down to having an action plan ahead of time — not just from the IT side, but working with the enterprise and business sides of government,” said a Department of Homeland Security cybersecurity official in a comment quoted in the report.

With mounting costs from ransomware attacks across the country, federal agencies will need to look beyond established IT security measures and focus new attention on emergency cyber preparedness and data recovery capabilities.

Download the report, “Ransomware Threats: Is Your Agency Ready?” for detailed findings and guidance on ransomware and its impact in the public sector.

This article was produced by FedScoop and underwritten by Veritas Technologies.
