Despite the low-tech nature of many public entities and local agencies, government ransomware attacks are a very real risk (with very costly consequences). Is there a gap in your organization’s cybersecurity preparedness?
There’s no doubt that cybersecurity is growing concern for leaders in both the public and private sectors – but often for very different reasons. Business leaders focus a great deal on directly mitigating the risk of data breaches because they recognize that their proprietary information and customers’ data is a valuable target. On the other hand, local government agencies and other public entities tend to focus more on the impact of cyberattacks in their community than on their own systems. After all, low-profile and low-tech departments seem like a low-value target – especially since they don’t store much (if any) sensitive consumer data.
But – government ransomware attacks (on both the local and national levels) are a very real yet often-overlooked cybersecurity nightmare.
What’s a Ransomware Attack?
According to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), “ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.” In other words, the cybercriminals hold individual computers and/or whole networks hostage until the organization pays the ransom demand.
Why Do Ransomware Attacks Target Public Entities?
Unlike the hackers who steal and sell high-value information, cybercriminals who employ this type of attack make money from ransom payments. This means any organization that relies on access to digital files or operates with online processes is at risk – not just those with high-value data.
For example, in the 2018 government ransomware attack in Atlanta, local courts couldn’t pull up case documents, local residents couldn’t pay bills online, and police departments had to revert to hand-writing reports (according to NPR) – just a few examples of the many government functions that were disrupted.
In the Atlanta government ransomware attack, cybercriminals demanded a ransom payment of six bitcoins (valued at approximately $51,000 at the time) to regain access to the infected computers and networks. The city refused to pay – and ultimately experienced millions of dollars in losses (according to the U.S. Attorney’s Office).
What Can We Do About Government Ransomware Attacks?
First and foremost, it’s essential that all public entities – including local government agencies, utility networks, school systems, and hospitals – recognize that they’re at risk. Once the risk is recognized, plans can be put into motion to prevent an attack and mitigate the impact if one does occur.
- Train Your Staff – Every person who has access to a computer on the network or to an email address associated with your network (including volunteers, remote employees, and seasonal workers) needs to undergo training. If one employee simply opens a phishing email, ransomware can infect an entire network.
- Create a Back-Up Plan – Develop a system for continuing core operations even if you’re blocked from your digital systems.
- Get Cyber Liability Insurance – This coverage is specifically designed to address the risks that come with using modern technology, including a data breach, system failure, and cyber extortion (aka ransomware attack). Other types of business liability coverage simply won’t cover these risks.
Start the Discussion About Mitigating Risk with Cyber Liability Coverage
At Swarts, Manning & Associates, we provide a unique perspective on all of your commercial coverage options, and we help to determine which carrier best fits your business needs. We strive to find you the broadest coverage at the best available rate. Give us a call to get started: (833) 878-2820.
Each week, Swarts, Manning & Associates covers relevant topics for your business. Stay tuned to hear more discussions about managing your insurance and industry-specific tips.