Ransomware attacks on state, local, and education (SLED) organizations have increased in recent years, and they show no signs of slowing down.
Just a few weeks ago, the City of Oakland was hit by a ransomware attack that forced the city into a state of emergency as officials scrambled to respond. And they aren’t alone — a 2023 Emsisoft report found that at least 106 local governments were attacked last year, along with:
- 44 universities and colleges
- 45 school districts operating 1,981 schools
- 25 healthcare providers operating 290 hospitals
In this article, we’ll explore why state, local, and education organizations have become prime targets for threat actors and arm you with seven cost-efficient ways to stay protected.
The Risks: What Makes State, Local, and Education (SLED) Organizations Vulnerable for Ransomware Attacks?
Limited Budgets and Resources
It’s no secret that budgets can be tight among SLED organizations, especially when it comes to cybersecurity.
Hackers, unfortunately, are keenly aware of this fact. Because SLED organizations often have small security teams, old systems, and infrastructure that is easy to penetrate, it makes sense that hackers view them as easy targets.
Legacy Systems
Limited security funding often means that state, local, and education organizations continue to use the same software they’ve been using for decades.
Much of this software has reached end-of-life, meaning no new security updates are released. Without protection against the latest threats, legacy systems become prime targets for attacks.
A 2020 Deloitte report cites these outdated systems as one of the largest barriers to cybersecurity among state governments.
Valuable Sensitive Information
State, local, and education organizations are goldmines for sensitive information like social security numbers, tax records, health records, and more.
This type of information is extremely appealing to attackers looking to perform double-extortion attacks, i.e., ransomware attacks that steal data in addition to encrypting it. (If you aren’t worried about these attacks yet, you should be — research from CipherTrace shows that these attacks increased by almost 500% in 2021.)
A Hasty Switch to Remote Work
COVID-19 dramatically changed the way state and local governments and schools operated.
Suddenly, these organizations went from operating almost entirely in person to entirely online. Because of how quick the switch was — and because of a lack of resources and funding — many were unable to keep these connections secure.
With many organizations opting to permanently keep employees at home, endpoint and cloud security remain a huge concern.
The Solutions: 7 Ways State, Local, and Education (SLED) Organizations Can Protect Against Ransomware Attacks
1. Regularly Patch Your Systems
The intensity of today’s threat environment means that traditional security measures — like patching your systems — are no longer enough to stay safe.
They are, however, a great place to start.
In 2022, 7% of all breaches stemmed from the exploitation of known vulnerabilities. This makes keeping your systems up to date one of the best and easiest ways to boost your protection.
Begin by taking inventory of your assets and removing as many unused or end-of-life assets as you can. Then create a plan for updating the remaining assets, and finally establish a monthly patching schedule so that you stay up to date.
Remember — once a vulnerability is known, it’s only a matter of time before hackers start taking advantage.
2. Invest in Ransomware Detection
Another key way to avoid ransomware attacks is to have a robust detection system in place.
By continuously scanning your network for unusual activity and alerting your IT team whenever a threat is found, detection tools allow you to detect and respond to malware before your files become encrypted.
With that being said, investing in a high-quality monitoring system is only half of the picture. It’s also crucial that you know which detection techniques to deploy and how to best deploy them.
Our Security Use Case Workshops are great for organizations needing guidance on this.
3. Get More Out of a Small Security Team with Automation
You may have a great detection system in place, but if you don’t have an equally great response system, your organization is still at risk.
The average security team receives more alerts each week than they can handle — in fact, most teams admit to leaving a whopping 28% of alerts unaddressed. When it comes to understaffed SLED teams, this number is even higher.
This is what makes automated solutions with quick set-up times, like Splunk Security Orchestration, Automation, and Response (SOAR), such game changers. By consolidating multi-step threat responses into single automated actions, SOAR solutions allow you to:
- Respond to thousands of alerts in seconds
- Reduce the need for human involvement
- Save up to 35 hours a week
- Stop letting critical threats go unaddressed, even if your team is small
4. Ramp Up Employee Training
With 82% of ransomware attacks stemming from human error, educating your employees on online safety is another basic — yet crucial — way to stay safe.
We recommend increasing security training on the following topics:
- Phishing detection
- Password safety
- Device safety
- Wi-Fi safety
5. Test Your Protection with Ransomware Simulators
Ransomware simulators are tools that safely simulate dozens of real-world ransomware attacks on your systems.
By doing so, they reveal how your organization would fare in an actual attack and help you discover any security holes that need to be resolved.
Ransomware simulators are perfect for organizations that want to make sure every penny counts when it comes to security. This is because the simulators reveal exactly which areas of your organization need improvement, allowing you to save your money for what actually needs fixing.
Ransomware simulators are inexpensive and can be set up in under an hour.
6. Maintain Good Cloud Hygiene
Although migrating to the cloud is a great way to improve your security, it does add a layer of complexity that must be addressed.
To achieve strong cloud hygiene, here are a few best practices:
- Implement strong access controls
- Monitor third-party applications like Microsoft 365 and Slack
- Set up multi-factor authentication
- Keep on top of updates
7. Prioritize Security
With the average cost of a ransomware attack in 2022 reaching $4.54 million — excluding the cost of the ransom itself — it’s critical that SLED organizations make security a top priority.
Bringing security to the C-suite, making it a part of company culture, and following all of the above tips are great ways to get started.
Get Individualized Security Guidance with SP6
Our cybersecurity experts are highly experienced in helping state, local, and education organizations leverage their data to secure against all kinds of attacks.
To discover how we can get you started with any of the above solutions, schedule a consultation with us today.