As a government agency or jurisdiction, one of your goals is to build trust with the citizens you serve. You earn that trust by protecting their information from a government data breach and by making efficient use of taxpayer dollars. When a data breach does hit, both pillars are eroded. Your organization can serve the community better, and build its trust, by managing data breach prevention in advance and planning your response to reduce the consequences of a data breach.

The Cost of a Government Data Breach

The IBM Cost of a Data Breach Report 2020 found that breaches in the public sector averaged a cost of $1.6 million per breach, which is a 16% decrease from 2019. Compared to the other 16 industries included in the report, the public sector has the lowest cost. (Breaches in health care topped the list with an average cost of $8.6 million.) The government sector was even $1.3 million less than the transportation sector, which came in 15th place. However, the report's figures include the cost of lost customers, which is less of a concern for the public sector than for other industries and may reduce its dollar amount.

While a government data breach is the least costly, each dollar spent is taxpayer money. That money could be better used improving the community. In the report, researchers found that the public sector lags behind other industries in terms of time to identify and contain data breaches.

The global average across all sectors to identify a breach is 177 days. Meanwhile, the average in the public sector is 231 days. Once a breach is spotted, the global average time to contain is 73 days. Compare that to the 93-day average in the public sector. The longer it takes to find and fix a data breach, the higher the costs. In addition, 70% of the respondents are concerned that the increase of remote work due to the pandemic increases the cost of a data breach.

How to Reduce the Cost of a Government Data Breach

By reducing their response time, government agencies can lower the costs of a breach. Here are three ways the public sector can more quickly spot and contain a government data breach.

No. 1: Incident Response

First, create an effective incident response team. Government organizations with an Incident Response (IR) team spend an average of $274,239 less resolving a breach than the global average. In addition, testing their incident response can lower the cost even more — possibly $311,571 more than the average. However, many government agencies and jurisdictions don’t even have an IR team.

When creating an IR team, focus on hiring people who excel at both security and teamwork, and those who have complementary technical and interpersonal skills. Be sure to include an intelligence analyst, who can offer insight into an adversary’s actions, tools and methods. When selecting tools, consider technology-agnostic platforms and tools that will allow you to move quickly.

After an attack occurs, the IR team’s first focus is removing the attacker. The next step is strategic, and involves making sure the same type of attack is not possible in the future. Your team must then rebuild the environment that was damaged in the attack. They’ll need to focus on getting the business back up and running as soon as possible. By working together and using a structured approach, your IR team can play a key role in both identifying and more quickly resolving a government data breach.

No. 2: Focus on Cloud Migration

The cost of a breach increased by an average of $243,251 for governments doing a cloud migration, the report found. Because of the amount of data moved in a short period of time, cloud migrations can lead to vulnerabilities. Common issues include misconfigurations, unpatched vulnerabilities and not changing default configurations.

One of the most effective ways to improve security during and after a cloud migration is clearly defining ownership of protected data. With cloud storage, entities often assume they are no longer on the hook for security. This incorrect assumption can lead to costly breaches. The next step is to create a baseline of your current environment, including business rules, content policies, configurations and applications.

Before migrating your data, create a plan that details the scope, timeline and data transportation method. By creating a longer migration window, agencies and jurisdictions can often lower their risk of a government data breach. Public sector organizations should also create a comprehensive cloud security plan. This should detail portability and future extensibility, often through using open standards.

By using a Cloud Security Posture Management tool, you can comprehensively manage your cloud storage and security, which will allow you to quickly identify risks. Other strategies include staying up to date with security features, enabling multi-factor authentication (MFA), using data encryption and considering private storage.

No. 3: Practice With Red Team Testing

A government data breach takes longer to resolve if your team has never practiced their processes and skills. To ensure they’re ready to go when they’re needed, your team needs to practice their response. With the red team simulation process, your red team finds loopholes in your system and launches an attack on the live system, and your blue team responds. While red team automation has been used in the past, performing a live simulation allows for a more realistic assessment of your team’s readiness. It includes complex cases, such as custom APT flows. In a live simulation, the red team uses techniques and attacks, such as footprinting, reconnaissance, penetration testing, social engineering and physical attacks.

Because your response team does not know at first if it’s a test or a real attack, you gain key insight into any possible risks. In addition, you can find the weaknesses in your response tools and processes. After the attack, the red team presents its findings to the blue team. This allows them to establish a baseline for future defense response. The exercise also provides valuable hands-on learning.

Reducing Government Data Breaches

You may already spend considerable effort focusing on government data breach prevention. Working in the public sector means that when a breach happens you also need to keep the costs and damage as low as possible. By creating and implementing strategies and tools that help your agencies quickly find a breach and then resolve it in as short a time as possible, you can continue to be a good steward of your taxpayers’ dollars.
