New Report Highlights Lack of Ransomware Attack Prevention Training for US Government Employees

New Report Highlights Lack of Ransomware Attack Prevention Training for US Government Employees

  • Some 73% of government employees showed growing concern about future ransomware attacks against cities and organizations.
  • The report observed a lack of awareness training for staff, as well as a static outflow of cyber budgets for managing cyberthreats.

A study conducted by the tech giant IBM and Harris Poll revealed that the majority of state and local government agencies have failed to prepare their employees to spot and handle a cyberattack incident.

Insights from the research
Recently, IBM Security released the results of a new study containing responses from close to 700 US local and state employees across various sectors namely IT, education, emergency services, and security departments.

  • Only 38% of local and state employees received any training in general ransomware prevention.
  • The program included learning how to spot phishing attempts, the threat of social engineering, and basic security hygiene in the workplace.
  • Of all, 52% of respondents experienced some form of ransomware infection over 2019 including New York, Massachusetts, and New Jersey.
  • Some 73% of government employees showed growing concern about future ransomware attacks against cities and organizations.
  • Around 10% said that they have no dedicated security team in place.

In 2019, 50% of respondents for the same poll said it was the federal government's responsibility to protect cities from ransomware. Now, this number has increased to 78%.

Insights that matter
The research that took place between January and February, 2020 had more to uncover including:

  • The report observed a lack of awareness training for staff, as well as a static outflow of cyber budgets for managing cyberthreats over the past few years.
  • An interesting insight also revealed that people were less worried about surrounding future terrorist attacks or natural disasters when it came to emerging threats. However, 76% also believed that ransomware and other serious cyberattacks should be treated in the same way as natural disasters.
  • Despite a lack of training, some sectors displayed what IBM called "overconfidence" in their ability to handle ransomware attacks.
  • For the public school and education sector,44% of respondents denied receiving any cybersecurity training, whereas 70% had no idea on how to handle a cyberattack. It remained the least prepared sector all in all.

Closing comments
Ransomware comes in many forms and is a lucrative means to generate profit for criminals. The US has witnessed many debilitating ransomware attacks including the global WannaCry outbreak, the Travelex incident, and more recent attacks against several government agencies.

According to Wendi Whitmore, VP of Threat Intelligence at IBM Security, "The emerging ransomware epidemic in cities highlights the need for cities to better prepare for cyberattacks just as frequently as they prepare for natural disasters."

"The data in this new study suggests local and state employees recognize the threat but demonstrate some overconfidence in their ability to react to and manage it. Meanwhile, cities and states across the country remain a ripe target for cybercriminals," she added.