Over a quarter of UK councils have been hit by a ransomware attack in the past, although most backed up to mitigate the worst effects, according to new research from Barracuda Networks.
The firm sent Freedom of Information (FOI) requests to 430 local authorities, with 30% failing to respond because their IT systems are outsourced.
Some 27% admitted to having been infected by ransomware in the past, but none paid up to obtain a decryption key.
That’s because the vast majority (70%) followed best practices by having back-up systems in place. In fact, no council admitted to not having such a system set up.
However, the stats nevertheless reveal that cybersecurity in many local authorities continues to be too reactive, which should be concerning in light of the forthcoming EU General Data Protection Regulation (GDPR).
The new law will give regulators the power to levy major new financial penalties for non-compliance. It mandates that organizations implement state-of-the-art security to keep data secure and available at all times.
Barracuda Networks SVP, Chris Ross, told Infosecurity Magazine that a proactive approach to ransomware protection should involve securing and segmenting the corporate network to contain the spread of any threats.
“The most common ransomware entry point is via email, making employees the weakest link in your cybersecurity chain. As attackers increasingly exploit ‘human networks’ in targeted phishing and spear-phishing campaigns, education is a critical line of defence; it only takes one click by one unsuspecting employee for a ransomware attack to wreak havoc in your business,” he added.
“By being proactive and preparing for every eventuality when it comes to ransomware, businesses can decrease the likelihood of a successful and costly attack. If the worst-case scenario plays out and you do become a victim of ransomware then you need to realize that it is never too late to re-evaluate your security strategy; just because you’ve been hit once, you are in no way immune from future attacks.”
A similar study by Avecto last June found that nearly a third (30%) of UK councils had been a victim of ransomware in 2015.