How government agencies can avoid ransomware attacks

Michael J. Del Giudice
How government agencies can avoid ransomware attacks

You don’t have to navigate the uncertainty of ransomware attacks alone.

Ransomware attacks continue to pose a serious threat to the public sector. In its 2021 Data Breach Investigations Report, Verizon analyzed more than 29,000 incidents and found that government administrations experienced the highest number of confirmed data breaches across all industries.1

Since the COVID-19 pandemic began, such breaches have increased in both frequency and complexity. The rapidly expanding digital landscape gives attackers more surface to act than ever before.

So how can organizations shoulder the heavy responsibility of keeping their communities’ public services secure against the negative impacts ransomware attacks might have?

Plenty of agencies faced similar threats and successfully mitigated risk. For years, Crowe has been identifying security deficiencies and turning them into opportunities for improvement.

Here are four defenses your agency can implement to try to avoid ransomware attacks.

Stay on top of public sector and cybersecurity and other insights by subscribing to Cybersecurity Watch.

1. Build a strong cyber resilience program.

Build a strong cyber resilience program.

Your ability to anticipate, combat, recover from, and adapt to adverse security events – especially ransomware – is critical.

Agencies can be proactive by implementing a suite of solutions – protection, detection, response, and recovery – across the entire cybersecurity life cycle. Having these solutions in place can help strengthen cyber resilience programs.

Protect against ransomware attacks

  • Content filtering. Block websites, emails, or files that could be potentially harmful to your network if accessed by end users.
  • Employee training. Educate employees about possible vulnerabilities surrounding business operations. Teams should be aware of threats and able to protect against attacks.
  • Patching programs. Stay on top of software bug fixes.

Detect ransomware attacks

  • Log monitoring. Scan log files for changes that could indicate a security event. Immediately alert your teams if anything suspicious is identified.
  • Managed detection and response. Detect malware and malicious activity within the network. Rapidly respond to threats.
  • Endpoint detection and response. Monitor and collect endpoint data in real time to reveal threat patterns.

Respond to ransomware attacks

  • Incident response. When an attack occurs, identify it quickly. By quickly identifying an incident, you can minimize negative effects, contain damage, and reduce the risk of future incidents.
  • Tabletop exercise. Proactively prepare for an attack by simulating real-life events and assign roles to address them effectively.

Recover from ransomware attacks

  • Disaster recovery. Regain functionality of your IT infrastructure and get your security back on track after an event.
  • Backups. Recover data that was copied to a backup before an unplanned event occurred.

2. Remember that security is a journey, not a destination.

It’s no secret that ransomware attackers are continually evolving and developing new forms of attack, identifying ways they can disrupt your organization.

Taking steps to verify that systems are regularly managed and updated can improve efficiency and create a stronger defense to help avoid potential ransomware attacks.

It’s critical to have a plan in place to strengthen security protocols and to educate relevant teams about the plan. Everyone should be able to hold each other accountable for their specific roles.

Given that security is an ever-changing journey, there is no perfect way to go about it. The lessons you learn along the way can make a difference in your preparedness for ransomware attacks, and ultimately make your networks and IT infrastructure more secure.

3. Manage third parties effectively.

Manage third parties effectively.

Third parties enhance cyber resilience programs with needed expertise. The right provider can alleviate pressure on internal teams and help agencies focus on larger security initiatives. Success with third parties, however, is only possible if they are managed well.

Organizations need to take responsibility for third-party management – not simply transfer the risk to vendors. Vetting third parties and making sure they are properly monitoring threats can prevent problems in the long run, especially when ransomware attacks pose such a large danger to your IT infrastructure.

Get cybersecurity and other insights delivered directly to your inbox.

4. Lessen financial risk with cyber insurance.

The reality is that it’s no longer a matter of if a cyberattack will occur, but when.

Though you shouldn’t depend entirely on cyber insurance as a mitigation option, you should not be afraid to explore obtaining it. Cyber insurance can help reduce financial risks for your agency – especially in this digital age.

1 "Verizon 2021 Data Breach Investigations Report," Verizon, May 13, 2021,

Related insights

Need some extra direction? Let us help fill in the gaps.

For a comprehensive security assessment, reach out to an experienced Crowe consultant today.
Michael Del Guidice
Michael J. Del Giudice
Principal, Consulting