Top cybersecurity threats in the public sector
In July 2021, Kaseya, a large IT firm, announced that it had been the target of a massive supply chain ransomware attack. The attackers exploited a vulnerability in Kaseya’s VSA remote management service to push a malicious software update automatically. That update was then used to target managed service providers and, through them, their customers. In response, Kaseya took down its SaaS servers and data centers, and customers were immediately told to shut down their VSA servers. The Russian-linked group REvil claimed responsibility for the attack and demanded a ransom of $70 million in exchange for a universal decryption key.
Organizations in Sweden, the United Kingdom, South Africa, Canada, New Zealand, Kenya, and elsewhere were affected. Kaseya reported that fewer than 60 of its direct clients and fewer than 1,500 downstream companies were impacted.
The public sector faces a growing number of cyberthreats, and this incident is only the latest example of how sophisticated such attacks have become.
Here, we will discuss why the public sector is vulnerable to cyberattacks, the main types of attacks targeting the sector, and how to defend against them.
Cyber vulnerabilities in the public sector
Research shows that over the past two years, 88% of public sector organizations have suffered at least one cyberattack. Here is what makes the public sector (government entities, healthcare institutions, law enforcement, education) such an alluring target for cybercriminals:
- The public sector contains large amounts of private, sensitive, and confidential data – e.g., citizens’ personal information like social security and health information, major projects, political campaigns, budgets, etc.
- Cyberattacks can have a profound effect on the operational capabilities of any public sector entity. Shutting down important systems and portals for weeks can cause substantial financial damage, and cybercriminals exploit this dependence on availability by targeting these entities with threats like ransomware.
- Public sector entities like municipal governments are funded largely by taxpayer money, which means they operate on significantly tighter budgets and do not necessarily prioritize cybersecurity. Without adequate security controls, their networks are more likely to contain vulnerabilities that threat actors can exploit.
- The use of outdated and obsolete systems and software, combined with the failure to apply security patches promptly, presents a huge risk to the public sector and makes it highly susceptible to cyberattacks. It also makes it harder for organizations to detect attacks in time and respond accordingly.
Major cyberattacks targeting the public sector
In a ransomware attack, malicious actors break into servers, encrypt and steal data, and hold it hostage for ransom. Threat actors have increased the damage caused by this kind of attack with double extortion (threatening to leak the stolen data as well as withholding the decryption key) and the Ransomware-as-a-Service model.
Phishing is a social engineering practice in which victims are contacted via email or text message by threat actors posing as a legitimate professional or organization, in order to trick them into sending sensitive data or money, or into installing malware. Spear phishing is very similar; the only difference is that it targets a specific individual or institution. It is a more elaborate con that relies on a high degree of personalization and can unfold over an extended period, with the goal of gaining trust and ultimately obtaining the coveted information.
State-sponsored attacks are a type of warfare organized by a foreign nation or state on governmental or other entities that contain valuable information. The goal of these attacks is to target and exploit any vulnerabilities in national resources, collect information on citizens, and maintain intelligence on the state’s activities.
Supply chain attacks target vulnerabilities in an organization’s supply chain network. Once threat actors find a vulnerability they can exploit, they insert malicious code or a malicious component into an essential piece of software or hardware, thereby infiltrating the organization’s systems. The compromise then spreads to third-party vendors and the rest of the supply chain network, producing a widespread attack.
In a DDoS (Distributed Denial of Service) attack, the intent is to disrupt a server’s or network’s normal flow of traffic by flooding it with requests, often sent from spoofed IP addresses. The sheer volume of traffic overwhelms the target until it crashes or becomes unreachable. This blocks organizations from accessing their own networks and severely affects their operations.
Hacktivists are individuals who break into systems as a form of political activism. They target entities whose political views they disagree with and compromise their systems as a way to confront or intimidate them. Governmental organizations are a major target of such attacks because of their political nature. In many cases, hacktivists leak classified data such as private emails, databases, or personal information to tarnish their opponent’s reputation. They may also use DDoS attacks to further their aims.
Lastly, human error and negligence contribute greatly to successful cyberattacks. There are also cases of current or former public sector employees, or third-party associates, abusing their access and selling sensitive data to attackers for their own profit.
What can the public sector do to bolster cybersecurity?
1. Implement a strong cybersecurity policy based on established guidelines and effective cybersecurity practices. Moreover, ensure compliance with federal frameworks and guidelines like the NIST Cybersecurity Framework in order to manage and mitigate risk to national infrastructure and resources.
2. Educate employees about the most common types of cyberattacks and how to spot suspicious behavior in the digital environment. Conduct regular training and testing to ensure they are aware of the cybersafety protocols to be followed.
3. Implement security controls like antivirus, antimalware, firewalls, encryption, and multi-factor authentication so that every device on the network is protected against breaches.
4. Keep all software, applications, and programs patched and up to date to eliminate vulnerabilities that attackers could use to their advantage. Deploy endpoint security solutions for added protection on all devices.
5. Store critical and private information on secure platforms with access limited to trusted employees who need it. Additionally, consider moving data from local storage on your own systems to a securely configured cloud platform.
6. Regularly back up organizational files and systems to a separate, secure location. This practice helps restore operations quickly after a breach or ransomware incident.
7. Carefully monitor user activity on all systems and networks so that suspicious activity is detected early. Furthermore, regularly audit all systems for vulnerabilities.
8. Since the public sector is a major target for cybercriminals, invest in a strong cyber insurance policy to cover liabilities in the event of a security breach.