There’s nothing quite like a global pandemic with legally enforceable lockdowns to expose the public sector’s dependence on ageing digital infrastructure. While the devastating SolarWinds “sunburst” attack made headlines in 2020 for its impact on private corporations like Cisco and Microsoft, it affected public sector entities like NATO and the UK government, which wield great power and extremely sensitive data. In Africa, there has been a proliferation of cyberattacks on state-owned organisations, such as transport and critical infrastructure, in the past 18 months, indicating the public sector is a lucrative target.
Public sector has come under increased threat during the pandemic
While the pace of transformation may vary from country to country, the public sector as a whole is gradually becoming more digitally mature. However, government departments are often late adopters, and bad actors are taking note. Check Point Software’s 2021 Mid-Year Cyber Attack Trends Report highlights just how prevalent attacks on public sector organisations have become during the pandemic. Globally, government organisations are now one of the most popular targets for bad actors, second only to those in the education and research sectors. Of the 93% increase in global cyberattacks reported by Check Point from 2020-21, many of them are being orchestrated against public-owned entities, but why?
Public sector slow to respond to cybersecurity solutions
“In Check Point Software’s experience with public sector organisations in South Africa and the rest of the continent, cybersecurity is top of mind at the senior level and in the relevant information technology departments, but this urgency does not always reflect in the supply chain on the deployment of cybersecurity solutions. This lack of urgency is compounded by delays due to lengthy procurement processes, which have been intensified by the Covid-19 pandemic,” says Pankaj Bhula, Regional Director: Africa, Check Point Software Technologies. As the cybersecurity landscape evolves quickly, by the time the cybersecurity solutions are signed off on, if at all, the technology is too outdated to manage current threats, leaving public sector organisations vulnerable.
“In addition, there appears to be a lack of awareness and accountability of the consequences of an attack on the public sector in the Africa region which potentially can bring any country’s critical infrastructure to a standstill and threaten the safety of its citizens. The public sector is there to serve, and does not have the same fallout of reputational damage and financial loss as in the profit-driven private sector to motivate for cybersecurity as a top priority,” adds Bhula.
In South Africa, there has been some progress on increasing the speed of cybersecurity implementation in the public sector. A transversal tender for cybersecurity only has been put forward by the country’s government, which can cut down on time on sourcing suppliers and pricing quotations. President Cyril Ramaphosa also signed the Cyber Crimes Bill into law this year, which brings South Africa’s cybersecurity laws in line with the rest of the world. The challenge lies in investigating offences and enforcing this law, particularly in the public sector.
Public sector now regarded as a high-value target by bad actors
The public sector might serve up easier targets than the private sector due to outdated technology, slow uptake on cybersecurity practices and solutions, inadequate education, or a combination of these factors but is it lucrative enough to attract cybercriminal organisations?
Data has value. It can therefore be extorted or sold for profit. If a group of bad actors was to steal thousands of people’s credit card details by hacking into a private organisation such as a bank or online retailer, they’d fetch around US$20 (R300) plus per record if auctioned off on the dark web. If, however, the same group were to attack a public healthcare entity and steal individuals’ medical information, their potential profit would soar and net them more than US$480 (R7 500) per record. And that’s not even considering the amount they could extort from the public sector targets themselves. This isn’t helped by the fact that public sector organisations are often comprised of siloed data behemoths, so if a malicious actor is able to exploit a gap in their defences, the “payouts” are often huge.
The time to act is now
With a threat landscape that’s currently outpacing many private organisations’ capabilities, governments need to start thinking very carefully about their cybersecurity budgets, how quickly their security solutions are implemented, and how they can increase their risk posture in 2022 and beyond.
Some vital steps organisations could take include:
- Preventing advanced persistent threats and zero-day attacks
The implementation of integrated and in-depth protection that enables a public sector organisation to detect and respond to multiple attack vectors simultaneously is crucial looking ahead to 2022. They should choose an integrated solution that uses not only antivirus and IPS protections, but also anti-bot and firewall technology. Using real-time intelligence will also protect against zero-day exploits like the SolarWinds breach.
- Continuous monitoring and diagnosis
Public sector organisations are unique in that they often need to maximise security across borderless networks. To shed light on malicious activity, 360-degree visibility and the ability to continuously monitor IT real estate in real-time are absolutely crucial. We’re past the point where businesses can simply wait until an audit rolls around to expose any vulnerabilities; they need to be proactive with things like penetration testing and security configurations.
- Cross-device security
User endpoints have increased dramatically over the past decade, and it seems more devices are always being added into the mix. Public sector organisations must use integrated security that leverages single-protection architecture for mobile devices like smartphones, tablets and laptops.
Check Point Software recently hosted a webinar entitled: “The State of Cybersecurity: Public Sector 2021” with experts from the field of cyber security in the public sector. To access the webinar on-demand visit: https://www.brighttalk.com/webcast/16731/504417