Data Protection and Ransomware Prevention for State and Local Governments: Navigating Budget Constraints, Personnel Shortages, and Regulatory Requirements

JULY 9TH, 2024

According to Sophos The State of Ransomware 2024, 34 percent of state and local governments were hit by ransomware attacks last year. Interestingly, the same report notes that government organizations are particularly vulnerable to attacks that start with abuse of compromised credentials, which occurred in nearly half of the reported attacks. 

But ransomware isn’t the only attack vector IT pros at state and local governments need to worry about. The Verizon 2024 Data Breach Investigations Report notes that 1,085 “public administrations” confirmed data disclosures last year. In addition to compromised credentials, the top causes—for 78 percent of breaches—were miscellaneous errors, system intrusion, and social engineering.

The consequences can be devastating, whether from ransomware, phishing, a breach, or a distributed denial of service (DDoS) attack. The same Sophos report found that ransomware payments increased 500 percent last year, with average ransomware recovery costs reaching a breathtaking $2.73 million

While the numbers are bleak, there are plenty of resources available to IT pros in state and local governments to help you establish more effective defenses, protect your backups, and ensure recovery.

Cost-Effective Cybersecurity in Government: Leverage Available Frameworks

State and local governments continually deal with budget constraints that make establishing and maintaining robust cybersecurity prevention, data protection, and recovery capabilities challenging. Fortunately, the U.S. government has created several high-value resources to help you get there within your available budget.

NIST Cybersecurity Framework

The National Institute of Standards and Technology offers a new version 2.0 of its Cybersecurity Framework (CSF). The CSF provides a strategic view of cybersecurity risks to help you understand and improve your risk management. This includes:

• Detect: Monitor for unauthorized access, devices, and software
• Respond: Have an up-to-date disaster recovery plan in place that includes how you will notify employees and constituents, maintain operations, and report attacks to law enforcement and other authorities
• Recover: Restore affected hardware, networks, and files

The CSF has four benchmark tiers: Partial, Informed, Repeatable, and Adaptive. Adaptive is the highest tier, indicating that your organization’s cybersecurity program is optimized to deliver the best possible defenses. You can also choose a “Peer Benchmark” based on similar organizations’ efforts. 


The Cybersecurity and Infrastructure Security Agency (CISA) partners with state, local, tribal, and territorial (SLTT) governments, developing and implementing many information-sharing programs and resources. These programs and resources help governments protect themselves from a variety of CISA-identified threats, lower risk before an incident, and unify defensive actions should an incident occur.

CISA and the Federal Emergency Management Agency also offer a state and local cybersecurity grant program to help fund your efforts. Here, you can find a CISA-developed toolkit for safeguarding localities from cybersecurity threats.

CISA also offers Cyber Hygiene services that reduce the risk of a successful cyberattack. CISA’s hygiene scanning and testing services help you reduce your exposure to threats by proactively mitigating attack vectors. These include vulnerability scanning and web application scanning,

NSA State-by-State Guides

The National Security Agency (NSA) and the Department of Homeland Security (DHS) have created cybersecurity education guides showing available educational opportunities. Your agency can leverage these to help develop in-house expertise.  

Addressing Personnel Shortages

Tight budgets typically translate into overburdened IT teams. The current cybersecurity workforce shortage, which the World Economic Forum says will reach 85 million workers by 2030 is a significant cause for concern. Overcoming personnel shortages takes a creative approach. 

Start by considering outsourcing services to a managed services provider (MSP) or value-added reseller (VAR). They can provide expertise and monitoring capabilities that small in-house teams can’t match and are typically cost-effective.

Automation and AI should be leveraged to handle routine security tasks, and cybersecurity training programs, like this one from CISA, should be employed to add another level of protection.

Deploy the Most Cost-Effective Multilayered Security Solution

Arcserve Unified Data Protection (UDP) cost-effectively simplifies cybersecurity, data protection, backup, and disaster recovery. The software offers automated, regular backups to ensure data integrity and availability and supports the 3-2-1-1 backup strategy (3 copies of your data on 2 different media, with 1 copy offsite or in the cloud and 1 copy kept in immutable storage as a last line of defense).

Sophos Intercept X Advanced for Server is included with Arcserve UDP, employing AI and deep learning to detect and block ransomware attacks before they can cause harm, prevent boot record attacks, and keep your data from being maliciously encrypted.

The software also ensures compliance with regulatory requirements and minimizes downtime by enabling the fast recovery of your data and systems if an attack is successful. 

To learn more about Arcserve UDP, request a demo or check out our 30-day free trial offer