Public Sector Remains a High Target for Cyber Espionage, Nation State Attacks

Bogdan Botezatu

September 14, 2016

Government agencies are no strangers to hacker attacks. Some of the biggest and most well-publicized breaches in recent years have come against public sector organizations—despite ongoing efforts to bolster the cyber security of agencies that have a huge impact on the lives of many citizens worldwide.

We’ve seen substantial attacks against government agencies in 2016, following the epic 2015 hack against the U.S. Office of Personnel Management that resulted in the theft of sensitive personal information about more than 20 million people both inside and outside the government.

Here’s a quick rundown of the latest activity:

The U.S. Department of Justice in February 2016 experienced a breach of its database in which hackers released data on 10,000 Department of Homeland Security employees one day and then released data on 20,000 FBI employees the next day, according to CNN. The information stolen included names, titles, phone numbers and e-mail addresses.

In April 2016, the database of the Philippine Commission on Elections (COMELEC) was breached and the personal information of 55 million voters was potentially exposed in what might rank as the worst-ever government data breach anywhere, according to InfoSecurity magazine. The report said the COMELEC website was compromised in March by Anonymous, before LulzSec Pilipinas posted the database online days later.

And the U.S. Internal Revenue Service (IRS), also in February, announced that the data breach it uncovered in May 2015 was much larger than initially thought. Originally the IRS said more than 100,000 American taxpayers had their personal information compromised when the agency’s system was hacked. But the agency later increased the numbers to more than 700,000.

Government agencies are particularly popular targets for cyber espionage, in which external threat actors such as state-affiliated organizations or nation states infiltrate networks looking for sensitive data. According to Verizon’s 2016 Data Breach Investigations Report, which looked at security threats in 20 different industries, public sector entities were at the top of the list for espionage-related attacks.

The barrage of attacks against public sector agencies shows no signs of abating, according to consulting firm PwC’s Global State of Information Security Survey 2016. These types of organizations detected 137% more cyber security incidents in 2015 than the year before, the report says.

As a result, the public sector is taking proactive steps to rethink cyber security and address its top security priorities, PwC says. Many of the agencies are deploying technology such as cloud-based cyber security, advanced authentication and big data analytics.

A huge majority (92%) have adopted one or more risk-based cyber security frameworks such as ISO 27001 to help enhance their security. More are collaborating with other organizations to share cyber security intelligence.

Also indicative of the importance of information security is the fact that government organizations are showing a renewed willingness to spend on security solutions. Following a drop in spending the year before, public sector agencies increased their information security budgets by nearly one quarter (23%) in 2015, according to PwC.

Among the top security priorities for government organizations for the next 12 months, according to the report, are continuous monitoring, cloud computing security and mobile device security.

Public sector respondents rated continuous monitoring of networks and user activity as their top security priority for the coming year. Many are improving monitoring capabilities by deploying a security operations center (SOC) that typically monitors for cyber security incidents on a continuous basis.

The use of cloud computing in the sector rose significantly in 2015, and respondents said 42% of their systems have been moved to the cloud. Cloud computing has emerged as a sophisticated tool for cyber security safeguards in recent years, and 56% of public sector organizations now use cloud-enabled cyber security for services such as real-time monitoring and analytics, threat intelligence, advanced authentication and identity and access management.

And as more government employees use personal smartphones and tablets at work, cyber security has become an increasingly important priority at agencies. More than half of respondents think the use of mobile devices has impaired security. To strengthen security, agencies are adopting authentication technologies such as software and hardware tokens, smartphone tokens and cryptographic keys.

Because mobile devices rely heavily on cloud infrastructure, cloud-based cyber security services are playing an increasingly important role at agencies. Public sector organizations are also using cloud-based services to address the core cyber security requirement of identity and access management.

Some have deployed cloud-enabled services such as advanced authentication and identity and access management, while others are deploying on-premises advanced authentication technologies such as hardware and software tokens, cryptographic keys and biometrics to better manage access to networks, applications and data.




Bogdan Botezatu

Bogdan Botezatu has spent the past 12 years as Director of Threat Research at Bitdefender. His areas of expertise include malware deobfuscation, detection, removal and prevention. Bogdan is the author of A History of Malware and Botnets 101. Before joining Bitdefender, he worked at one of Romania's largest and oldest universities as network administrator in charge of SecOps and policies.
