Understanding the Public Sector’s Cybersecurity Landscape

Much is expected of our nation’s public sector. Federal, state, and local government agencies and organizations such as public hospitals and universities must maintain the critical work and essential services citizens count on while safeguarding themselves against growing global hacking collectives and malicious cybercriminals. Large-scale attacks launched by Russian cybercriminals hit several US federal government agencies, including the Department of Energy, in May and June 2023. While federal civilian agencies avoided significant impacts, the broad hacking spree may have also affected several hundred other businesses, organizations, and foreign ministries. Service providers already in the procurement process or just starting to think about securing government contracts will be well-served by understanding the cybersecurity landscape the public sector faces today. The following information highlights the most significant threats, emerging trends, and high costs of cybersecurity and cybercrime in the public sector.

Ransomware Remains a Significant Public-Sector Threat

Public trust is crucial for the effective functioning of the government. Citizens expect their personal information to be handled with care and for the government to ensure its security. Breaches or mishandling of data erode public trust, which can have far-reaching consequences, including diminished confidence in government institutions, decreased participation in public programs, and skepticism towards government initiatives. Data security measures demonstrate a commitment to protecting citizens’ information.

The World Economic Forum’s 2022 Global Cybersecurity Outlook reports that ransomware remains the No. 1 type of cyberattack organizations are concerned about. The first-ever documented ransomware virus was released on unsuspecting early adopters of personal computers in 1989, when 20,000 floppy disks infected with the “AIDS Trojan” or “PC Cyborg Virus” were sent to attendees of the World Health Organization’s AIDS conference. Upon booting up their computers for the 90th time after inserting the disk and executing its included questionnaire, users were told that a virus had infected their files. To regain access to their encrypted or locked files, the world’s first victims of digital extortion were instructed to send $189 to a PC Cyborg Corporation PO box in Panama.

Nearly 40 years later, everything about computers, networks, and secure technologies has changed, but ransomware is still the fastest-growing type of cybercrime. Cybersecurity Ventures estimated a ransomware attack every 11 seconds in 2021, with that interval projected to shrink to every two seconds by 2031.

Most malicious ransomware attacks begin with an unsuspecting user clicking a corrupted link that downloads an infected file from an external source. Once opened and executed, the ransomware takes advantage of any vulnerabilities in the user’s computer and others networked across the organization.

The ransomware encrypts the computers’ files, then gives the victims instructions for regaining access to their files in exchange for a cryptocurrency ransom payment.

Among its resources for ransomware protection and response, the National Institute of Standards and Technology offers agencies and organizations eight quick steps for protecting against the threat of ransomware:

  1. Implement antivirus software to automatically scan email, flash drives, and more.
  2. Keep your computers fully patched with regularly scheduled checks to ensure everything is up to date.
  3. Use security products, tools, or services that block any access to known ransomware websites.
  4. Configure operating systems or use third-party software to allow only authorized applications to be installed on your organization’s computers.
  5. Restrict or prohibit access to organizations’ official networks from users’ personally owned devices.
  6. Utilize standard-user accounts as opposed to executive accounts with expanded administrative privileges whenever possible.
  7. Avoid accessing personal websites and applications such as email, chats, or social media accounts from agency-owned and managed devices.
  8. Beware and be cautious of any files, links, or attachments from unknown sources, avoiding clicking on or opening them until an antivirus scan can take a closer look.

While ransomware poses a significant threat to the public sector, service providers should be aware of and learn more about other major cybersecurity threats as well.


Emerging Trends Within Cybersecurity

According to the FBI’s 2022 Internet Crime Report, its Internet Crime Complaint Center (IC3) received 800,944 complaints in 2022. That’s a five percent decrease from the year before, representing the only annual dip in reported cases over the past five years. The number of complaints received by the IC3 rose from 467,361 in 2019 to 791,790 in 2020 before peaking at 847,376 in 2021. Regardless of the number of complaints, the potential total financial losses from reported cybercrimes climbed from $6.9 billion in 2021 to a record $10.2 billion in 2022. 

Moreover, the officially reported numbers are likely significantly lower than the true volume of cybercrime taking place. In reports from the US Attorney General’s Cyber-Digital Task Force, the Department of Justice says as much as 85 percent of all cybercrime may go unreported. Cyberattacks can be well-hidden and well-organized. Well-funded malicious actors can spend more on attack innovations than organizations spend on protection.

Public hospitals and healthcare providers house patient data and personal information on networks supporting potentially outdated or vulnerable devices and can be a lucrative target for greedy cybercriminals. Moody’s Investors Service declared hospitals, as well as public utilities, including electric, water, and gas, to be among the sectors facing the highest risk of cyberattacks.

Infrastructure facilities are also becoming popular targets as cyberattacks evolve into a weapon of war, one with the potential to inflict devastating blows to essential services. Russia’s invasion of Ukraine includes near-constant cyberattack efforts against the Ukrainian government and civilian infrastructure. According to a report from Google’s Mandiant research unit, more destructive cyberattacks were observed on Ukrainian targets in just the first four months of 2022 than in the previous eight years combined.

Several emerging trends in cybersecurity are shaping the landscape and requiring increased attention in the public sector, and it’s crucial for service providers to understand and keep up with these trends to secure and maintain government contracts.


Costs of the New Cybersecurity Economy

Cybercriminals, once thought to focus mainly on large enterprises, often attack the easiest targets, regardless of their size. Large and small organizations should commit to increased cybersecurity to protect themselves and the people they serve. Some items to budget include:

  • Technology Investment: Organizations should invest in robust cybersecurity technologies to protect their networks, systems, and data. Technology investments may include firewalls, intrusion detection and prevention systems, secure access controls, encryption software, endpoint protection, threat intelligence platforms, and more. The costs of these technologies vary depending on the size and complexity of the organization, ranging from thousands to millions of dollars.
  • Workforce Training and Education: Building a skilled cybersecurity workforce requires investment in training and education programs. Organizations may provide training to their existing staff or hire professionals with specialized knowledge. The costs involve course fees, certifications, workshops, conferences, and ongoing professional development to keep up with the evolving threat landscape.
  • Incident Response and Recovery: In the event of a cybersecurity incident, organizations must be prepared to respond effectively. Preparing for incident response and recovery includes establishing incident response teams, putting incident management systems and forensic analysis tools in place, and developing incident response plans. The costs involve hiring or training incident responders, investing in the necessary tools and technologies, and conducting regular exercises to test the response capabilities.
  • Compliance and Regulatory Requirements: At a minimum, organizations are often legally required to comply with various cybersecurity regulations and standards, such as the General Data Protection Regulation (GDPR) or the Payment Card Industry Data Security Standard (PCI DSS). Meeting these requirements involves conducting audits, vulnerability assessments, penetration testing, and implementing security controls. When working with the federal government, state governments, or public agencies, organizations should also budget for FedRAMP and StateRAMP certifications. The costs include engaging external auditors, investing in compliance management systems, and implementing necessary security measures.
  • Cybersecurity Insurance: Many organizations opt for cybersecurity insurance to mitigate potential financial losses from a cyber incident. The cost of cybersecurity insurance premiums depends on factors such as the organization’s size, industry sector, level of risk exposure, and the coverage required.
  • Research and Development: Advancements in cybersecurity technologies and techniques require ongoing research and development (R&D) efforts. Organizations, governments, and academic institutions invest in R&D to create innovative solutions and stay ahead of cyber threats. These costs include funding research projects, hiring researchers, and acquiring cutting-edge technologies.
  • Third-Party Services: Organizations often rely on external providers for various cybersecurity functions. Service providers include managed security services, threat intelligence feeds, penetration testing, security consulting, and incident response support. The costs depend on the scope and scale of the services required.

Cybersecurity costs can vary significantly based on the size and nature of the organization, industry sector, geographic location, regulatory environment, and specific cybersecurity needs and risks. Furthermore, the impact of cybercrime also includes the financial costs of incidents, reputational costs, and public health and safety impact.
