Ransomware attacks on U.S. public sector at record high

Share post:

Ransomware attacks on the U.S. public sector are on track to reach record levels in 2023, with both traditional encrypt-and-extort and newer data theft-only attacks targeting local governments, schools, and other entities.

Security experts say that public sector organizations are attractive targets for ransomware attackers because they often have limited IT budgets and cybersecurity resources, while also holding sensitive data such as housing information, student records, and patient data.

“When you add to that the lack of funding that they have for security, they make an easy target,” said Allan Liska, threat intelligence analyst at Recorded Future.

Fighting back against ransomware attacks is no easy task for public sector organizations. Many are rapidly expanding their digital footprints, but are also adding complexity to their environments that often only a small number of security practitioners are responsible for protecting.

“That challenge can be relatively insurmountable,” said MK Palmore, former FBI agent and director in Google Cloud’s Office of the CISO.

Another challenge is the supply-chain risk posed to public sector organizations, many of which rely heavily on third-party tools and outside contractors.

“Organizations have to do due diligence, which gets to be pretty challenging due to issues like limited workforce and the unwillingness of organizations to adopt tools that would allow this to be automated,” said Liska.

The sources for this piece include an article in TechCrunch.

SUBSCRIBE NOW

Related articles

North Korean hacker infiltrates US security vendor, loads malware

KnowBe4, a US-based security vendor, unknowingly hired a North Korean hacker who attempted to introduce malware into the...

CrowdStrike releases an update from initial Post Incident Review: Hashtag Trending Special Edition for Thursday July 25, 2024

Security vendor CrowdStrike released an update on from their initial Post Incident Review today. The first, and most surprising...

Security vendor CrowdStrike issues an update from their initial Post Incident Review

Security vendor CrowdStrike released an update from their initial Post Incident Review (PIR) today. The company's CEO has...

CrowdStrike CEO summoned by Homeland Security committee over software disaster

CrowdStrike CEO George Kurtz has been called to testify before the U.S. House Committee on Homeland Security following...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways