Deloitte's Center for Government Insights has released "Ransoming Government: What state and local government can do to break free from ransomware attacks," a report analyzing ransomware attacks on state and local governments, the company announced on Wednesday.
The report also discusses the dilemma of paying or not paying criminals, given the risk of losing access to critical data or the ability to provide services. Deloitte has provided guidelines for government organizations to secure information technology infrastructure and improve resilience.
"Even with cyber-insurance and preventive measures in place, the growing frequency and sophistication of attacks calls for government entities to perform cyber health checks and revisit resilience strategies… Governments can be better positioned to defend against catastrophic events that are expensive to recover from and could impact public safety and trust," said Srini Subramanian, principal, Deloitte & Touche LLP, and cyber state and higher education sector leader.
Deloitte has stated that federal organizations paying ransom demands is the primary solution, but it comes at a high expense. The company added that criminal enterprises are demanding nearly 10 times what they demand from commercial entities.
To combat this growing risk, the report has outlined key considerations for organizations to move forward in this new reality, including smarter systems architecture, a more prepared workforce, better cyber hygiene, cyber insurance usage scenarios and practiced response.
Companies and governments are advised to focus on IT infrastructure. Many governments have deferred IT modernization, leaving them with increasingly vulnerable networks and systems. Refocusing efforts on modernization will allow for more secure networks and minimize attacks.
The report states that to combat ransomware, governments should also look to creative human capital approaches to train, retain and share more qualified cyber talent as well as private-public-higher education partnerships to effectively tackle cybersecurity.
Attention to detail, including software patches and updates, regular system backups and regular training for all staff, can help to reduce risk by improving cyber hygiene. Organizations should also look to compartmentalize data and develop air-gapped system backups to limit the scale of a breach.
Deloitte has promoted cyber insurance as an effective and strategic method for governments to contain the cost of attacks. However, the report noted that ransom payments may increase criminal incentives because of the large funds allocated to this defense method.
"[The findings] mean there is a large surface for cybercriminals to attack local governments and hold sensitive citizen data hostage. Government officials need to understand the risk involved if their systems and data were suddenly gone or rendered useless," said Deborah Golden, principal, Deloitte & Touche LLP, and cyber risk services leader.