IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

How Governments Can Secure Hybrid Networks from Ransomware

It’s often said that people are the problem in IT security, but ensuring staff are engaged with cyber protocol, having a strong plan in place, and coordinating efforts across state and local agencies can stop attacks.

A ransomware notice on a computer screen.
The heightened prevalence of ransomware has cast a spotlight on the cybersecurity posture of state and local governments across the United States. While larger, high-profile cases like Colonial Pipeline and Kaseya have dominated news headlines, ransomware attacks on state and local governments are happening just as frequently. In 2020, more than 70 state and local governments fell victim to ransomware as the frequency of attacks rose by 485 percent from the year before. From metro police departments and municipal networks to public transit systems and school districts, cyber criminals have increasingly targeted a wide range of small to mid-size government entities lacking the ability to defend themselves.

Firmly cemented, stove-piped IT agencies that operate independently within individual departments are one of the most glaring challenges we experience with counties and municipalities. It is not unusual for a city government to have schools, finance, public works, courts, fire departments, police departments and more all running their own independent IT operations. Oftentimes, we find that CIOs for cities or counties are responsible for everything but have little if any authority and budget to get the job done. This is also true at the state level, with many states having more than 50 independent IT departments.

Another problem is that state and local government entities have the need to possess sensitive personally identifiable information such as names, addresses, Social Security numbers, credit card information and medical records — all of which is coveted by ransomware attackers. Attackers know what we know: that local government entities lack robust security budgets afforded at the federal level and planning oversight to invest in IT security talent and best-in-class network systems, rendering them ill-equipped to detect and defend against highly sophisticated threats.

The pandemic has ushered in the adoption of hybrid structures that intermix in-office and remote work, creating a perfect storm of additional network application and data security vulnerabilities for ransomware attackers to capitalize on. In turn, state and local governments are at a critical juncture in their need to enhance cyber defense capabilities to align with an evolving threat landscape.


With the rise of hybrid network usage amid a ransomware epidemic, there’s never been a greater need for more threat intelligence sharing at the state and local government levels. In August, the Senate Homeland Security Committee advanced legislation aimed at streamlining intelligence sharing among state and local governments, as well as expanding their access to threat intelligence from federal cybersecurity officials. Embracing cross-sector collaboration through artificial intelligence-driven network detection and response (NDR) solutions will be essential for state and local governments to combat ransomware both now and in the future.

It’s clear that the siloed approach isn’t working. Why defend alone with limited resources when an opportunity to form a stronger, more unified line of defense exists? By collaborating with real-time intelligence sharing technology, localized government agencies can leverage visibility into a deeper range of cyber threat indicators and coordinate proactive defense measures within a community of industry peers. The expanded access to the defense tools of fellow organizations would help them offset key vulnerabilities without dramatically increasing their own security spending — offering a solution to the budgetary challenges faced by state and local government IT departments nationwide.


For the IT decision-makers of state and local government entities, cyber engagement must be a top priority. Fostering a cyber-engaged workforce can empower organizations with the agility and business continuity essential for maintaining network security in a hybrid workplace environment.

First, create a hybrid network ransomware defense playbook built on three foundational pillars:

  • Infrastructure security: Maintaining high virtual private network (VPN) usage and two-factor authentication to alleviate IT/security admin vulnerabilities.
  • Employee vigilance: Educating staff on how to identify common phishing tactics, as well as threats of business email compromise and browser extensions.
  • Incident response protocols: Ensuring employees are prepared to follow a concise incident response plan in the wake of a breach.

Police and fire departments, emergency medical services, and municipal courts tend to have network connections that no one in central IT knows about, as well as uncontrolled network perimeters and large volumes of unpatched operating systems and applications due to the lack of centralized control. In response to ransomware, some data forensics companies admit they have never seen an organized backup plan for any state or local government that they’ve been involved with. The inability of several recent large U.S. cities to rapidly recover from a ransomware attack was clearly a direct byproduct of a lack of backups.

The effectiveness of your ransomware defense playbook depends on engaging employees with simplified training programs that enable them to meet security compliance standards as a team of cyber citizens who actively protect the organization.

Cyber engagement requires consistent communication and transparency among all members of the organization. After 18 months of working from home, most employees are likely feeling cybersecurity fatigue. However, they need to know that even the smallest shortcut — such as failing to connect via VPN, password reuse/duplication or using legacy end-of-life equipment (e.g., Windows 2000 servers) — can all lead to a major network breach that costs the organization millions. A culture of cyber engagement helps alleviate fatigue by generating collective buy-in to adhere to hybrid network security best practices.

Employees also need assurance that their concerns are taken seriously and that there’s no such thing as being too cautious. Instilling a widespread belief among the entire staff that hyper-vigilance is valued will encourage employees to carry out their due diligence in reporting suspicious activity. Without encouragement, employees will be less inclined to communicate a potential threat that could prevent a ransomware attack from succeeding. A significant number of incidents receive attention because a vigilant employee brings something forward. Employees are not the weak point; it’s the lack of properly organized controls and giant gaps in cybersecurity plans, policies and strategies.

As state and local governments pivot to security measures that align with hybrid workplace structures, prioritizing threat intelligence sharing and cyber engagement will be fundamental components to combating ransomware in the years to come.

As the chief information security officer at IronNet, Colonel (Ret) George Lamont is a leading expert on cyber force readiness. He authored at U.S. Cyber Command the first-ever Joint Cyber Training and Certification Standards and Cyber Flag exercise series, which serves today as the Defense Department’s gold standard for building a premier cyber space workforce for the nation. Colonel Lamont is focused on bringing the same rigor, discipline and methodologies to the private sector by helping companies build highly skilled teams as part of IronNet’s end-to-end cybersecurity solution and threat intelligence information sharing framework.