The public sector holds a wide array of sensitive information, making it a highly sought-after target for cyber criminals. Government agencies’ data is attractive to hackers because its interwoven systems contain vast amounts of information from citizens and other organizations that are linked through a variety of platforms. In addition, the public sector’s information systems and technology are growing rapidly, and the resources and services it offers virtually are increasing as well. This development creates a demand for innovation and a need to secure cloud database storage. As this storage becomes more complex, the government faces the challenge of developing technology to keep up, while covering any loopholes.
The public sector is primarily funded by taxpayer dollars, and these government agencies operate on limited budgets where IT department allocations may be scant. This means fewer software updates and less security, leaving many of these organizations operating on outdated technology. A cyber attack on the public sector compromises public services and carries the consequence of a heavy financial toll on these publicly funded agencies. In such incidents, the public sector also must follow public disclosure stipulations. When these targeted cyber attacks occur, they can gain notoriety through media exposure and in turn motivate “copycat” criminals. To ensure proper security against these potential attacks, education on the top cyber threats facing the public sector is essential.
A state-sponsored cyber attack on the public sector can be considered a form of warfare in which one nation or state attacks another’s government agencies and systems known to store valuable information. These attacks are deployed with the goal of locating and manipulating any weaknesses in national infrastructure, collecting intelligence on the nation or extracting money from the system or its people. The public sector is a frequent target for state-sponsored attacks because the multiple government agencies operating across various fields have a greater, mass impact on the people of that nation. As a result, cyber security should be constantly assessed and updated on databases housing sensitive information to prevent data from getting into the wrong hands. In serious instances, state-sponsored cyber attacks can become a threat to national security.
Ransomware is a specific form of malware designed to control and disrupt the victim’s files. The software completely blocks the user’s ability to access the system unless a certain sum of money is paid as a ransom. In ransomware attacks on the public sector, the crime inhibits government agencies’ ability to administer important procedures or supply services the community needs. One of the most serious examples of this is the 2017 WannaCry ransomware attack, which impacted more than 150 countries and forced the National Health Service (NHS) to halt its operations. This attack alone compromised thousands of hospital services, surgeries and appointments and cost the NHS millions of pounds in damage. In many cases, ransomware has the potential to create significant financial damage through the crime itself as well as recovery efforts.
To further the damage caused by ransomware, cyber criminals or adversaries also might use timing or double extortion to their advantage. Typically, ransomware attacks are planned in a precise manner to increase the stress of a pressing, time-sensitive situation. The double-extortion tactic is used to increase the victim’s motivation to pay the ransom by threatening to sell or auction the data that was encrypted. Ransomware criminals’ strategies are constantly shifting and developing to successfully extort more victims, yet the U.S. government does not recommend paying ransoms if paying can be avoided.
Consider: Paying might be the quickest way to relieve the situation, but it does not guarantee that the criminals will restore the data, even after payment. Furthermore, the criminal might target you or your organization again, knowing you willingly paid the ransom before. In extreme cases, the criminals might turn around and demand more money after the initial payment, placing the data in continuing jeopardy. Lastly, paying ransoms encourages ransomware attacks in the future, reassuring cyber criminals that they can get away with it.
Phishing is a form of cyber espionage, typically masked by an email, phone call or text message where a cyber criminal impersonates a licensed institution to retrieve valuable personal information from victims. These details could include banking or routing numbers, credit card numbers, personal identification information, security codes, or logins and passwords. This type of threat is sometimes used as a method to carry out ransomware attacks and has become increasingly prevalent in the pandemic environment with COVID-19-related phishing. Considering the high volume of messages, emails and phone calls regularly received by government agencies, the public sector is much more vulnerable to a phishing attack if close attention is not paid.
Some indicators of phishing can be a “sense of urgency” created by the criminal, or the provoking situation may appear as “too good to be real.” Users should be wary of hyperlinks or attachments that demand clicks or actions to open documents without an exact link address provided. Additionally, some phishing ploys may come from an unknown caller or sender. Many criminals may use “spoofing,” sending phishing emails from a domain or phone number that looks almost exactly like the organization’s domain or phone number. Be sure to look for warnings that the email is “outside of your agency’s network.”
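The lookalike-domain spoofing and the “outside of your agency’s network” warning described above can both be derived from the sender address. The following Python code is an added example, not part of the original article; the trusted domain `agency.example.gov`, the function names and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
# Added example: label a sender as trusted, lookalike, or external.
# TRUSTED and every sample address used with it are constructed.
from email.utils import parseaddr

TRUSTED = {"agency.example.gov"}  # assumption: the agency's own mail domain
# Common visual substitutions, folded to the character they imitate
# (digits plus Cyrillic a, e, o, i).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "\u0430": "a", "\u0435": "e",
                            "\u043e": "o", "\u0456": "i"})

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain: str) -> str:
    """Fold look-alike characters so visually similar domains compare equal."""
    return domain.translate(HOMOGLYPHS).replace("rn", "m")

def sender_domain(from_header: str) -> str:
    """Domain of the actual address; the display name is ignored."""
    _, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""

def classify_sender(from_header: str) -> str:
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good):        # character swaps
            return "lookalike"
        if edit_distance(domain, good) <= 2:          # typos, extra letters
            return "lookalike"
        if domain.startswith(good + "."):             # trusted name as a prefix
            return "lookalike"
    return "external"  # candidate for an "outside your network" banner
```

The From header can itself be forged, so a "trusted" result only means something for mail that has also passed SPF, DKIM and DMARC checks.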
Internet “hacktivists” are cyber criminals who hack a computer system as a form of social or political activism. Their objective is to prove a point through their crime or defeat an opponent’s standing. Hacktivists target organizations that they do not agree with and aim to confront those with opposing views. Many government agencies and public sector services are extremely susceptible to this threat because of the platform they provide hackers to promote their own causes and draw attention. Hacktivists see their targets as an inequity or outrage that they can “rectify” by hacking private emails, confidential databases and websites, or by spilling private items to the public that reveal confidential information. Denial-of-service attacks are another method employed by hacktivists. These occur when hackers overwhelm a website with traffic to force it offline, using large numbers of “zombie” computers. These attacks are performed by cyber criminals who are typically motivated by revenge, politics, social activism, ideology, protests or wishes to embarrass their target.
Improper Usage & Internal Attacks
One of the greatest threats to an organization can be its own employees, since they have access to the entire system. Accordingly, employees should undergo proper training to understand cyber security and the consequences of improper usage of technology. Unfortunately, internal information breaches can occur due to an irresponsible employee or human error, and the work-from-home movement has further complicated this situation. The freedom to log in from a variety of devices also can pose a threat to the system and the transfer of data between networks, highlighting the importance of multi-factor authentication and remote browser isolation (RBI). Employees with access to large amounts of information should be monitored closely to ensure proper usage of the technology or systems to prevent any internal conflicts.
In all, prevention is the best practice for cyber security in relation to threats facing the public sector. At the base level, it is extremely important to consistently back up organization data and keep software updated. The use of multi-factor authentication systems, network vulnerability assessments and cyber attack response plans also provides specific actionable steps to increase the protection of data. Lastly, ensure employees are properly trained by professionals in the subject, and consider purchasing special insurance if your organization is vulnerable to attacks. The public sector remains a target. Maintaining awareness of these threats through ongoing education on cyber security measures is essential to preventing data breaches and threats to national security.
Interested in upgrading your organization’s cyber security? The Institute for Defense and Business’ (IDB) IU-IDB “Cyber Risk Management Program in a National Security Context” provides virtual education on cyber security and risk mitigation. This program is designed for military leadership in career levels O-2 to O-4, W-1 to W-3, E-7 to E-9 and GS-11 to GS-13, early career professionals and private industry professionals. Learn to harness technology’s benefits and become more aware of its risks with IDB.
About the Institute for Defense and Business
The Institute for Defense and Business (IDB) delivers educational programs and research to teach, challenge and inspire leaders who work with and within the defense enterprise to achieve next-level results for their organization. IDB features curriculum in Logistics, Supply Chain and Life Cycle Management, Complex Industrial Leadership, Strategic Studies, Global Business and Defense Studies, Continuous Process Improvement, and Stabilization and Economic Reconstruction. Visit www.IDB.org or contact us on our website for more information.