As a government agency or jurisdiction, one of your goals is to build trust with the citizens you serve. You earn that trust by protecting their information from a government data breach. Doing so also makes efficient use of taxpayer dollars. When a data breach does hit, both pillars are eroded. Your organization can serve the community better, and build its trust, by managing data breach prevention in advance and planning your response to reduce the consequences of a data breach.
The Cost of a Government Data Breach
The IBM Cost of a Data Breach Report 2020 found that breaches in the public sector averaged a cost of $1.6 million per breach, which is a 16% decrease from 2019. Compared to the other 16 industries included in the report, the public sector has the lowest cost. (Breaches in health care topped the list with an average cost of $8.6 million.) The government sector's cost was even $1.3 million less than that of the transportation sector, which came in 15th place. However, the report includes the cost of lost customers, which is less of a concern for the public sector than for other industries and may reduce its dollar amount.
While a government data breach is the least costly, each dollar spent is taxpayer money. That money could be better used improving the community. In the report, researchers found that the public sector lags behind other industries in terms of time to identify and contain data breaches.
The global average time across all sectors to identify a breach is 177 days. Meanwhile, the average in the public sector is 231 days. Once a breach is spotted, the global average time to contain it is 73 days, compared with the 93-day average in the public sector. The longer it takes to find and fix a data breach, the higher the costs. In addition, 70% of the respondents are concerned that the increase of remote work due to the pandemic increases the cost of a data breach.
How to Reduce the Cost of a Government Data Breach
By reducing their response time, government agencies can lower the costs of a breach. Here are three ways the public sector can more quickly spot and contain a government data breach.
No. 1: Incident Response
First, create an effective incident response team. Government organizations with an Incident Response (IR) team spend an average of $274,239 less resolving a breach than the global average. In addition, testing their incident response can lower the cost even more — possibly $311,571 more than the average. However, many government agencies and jurisdictions don’t even have an IR team.
When creating an IR team, focus on hiring people who excel at both security and teamwork, and those who have complementary technical and interpersonal skills. Be sure to include an intelligence analyst, who can offer insight into an adversary’s actions, tools and methods. When selecting tools, consider technology-agnostic platforms and tools that will allow you to move quickly.
After an attack occurs, the IR team’s first focus is removing the attacker. The next step is strategic, and involves making sure the same type of attack is not possible in the future. Your team must then rebuild the environment that was damaged in the attack. They’ll need to focus on getting the business back up and running as soon as possible. By working together and using a structured approach, your IR team can play a key role in both identifying and more quickly resolving a government data breach.
No. 2: Focus on Cloud Migration
The cost of a breach increased by an average of $243,251 for governments doing a cloud migration, the report found. Because of the amount of data moved in a short period of time, cloud migrations can lead to vulnerabilities. Common issues include misconfigurations, unpatched vulnerabilities and default configurations left unchanged.
One of the most effective ways to improve security during and after a cloud migration is clearly defining ownership of protected data. With cloud storage, entities often assume they are no longer on the hook for security. This incorrect assumption can lead to costly breaches. The next step is to create a baseline of your current environment, including business rules, content policies, configurations and applications.
Before migrating your data, create a plan that details the scope, timeline and data transportation method. By creating a longer migration window, agencies and jurisdictions can often lower their risk of a government data breach. Public sector organizations should also create a comprehensive cloud security plan. This plan should detail portability and future extensibility, often through the use of open standards.
By using a Cloud Security Posture Management tool, you can comprehensively manage your cloud storage and security, which will allow you to quickly identify risks. Other strategies include staying up to date with security features, enabling multi-factor authentication (MFA), using data encryption and considering private storage.
No. 3: Practice With Red Team Testing
A government data breach takes longer to resolve if your team has never practiced their processes and skills. To ensure they’re ready to go when they’re needed, your team needs to practice their response. With the red team simulation process, your red team finds loopholes in your system and launches an attack on the live system, and your blue team responds. While red team automation has been used in the past, performing a live simulation allows for a more realistic assessment of your team’s readiness. It includes complex cases, such as custom APT flows. In a live simulation, the red team uses techniques and attacks, such as footprinting, reconnaissance, penetration testing, social engineering and physical attacks.
Because your response team does not know at first if it’s a test or a real attack, you gain key insight into any possible risks. In addition, you can find the weaknesses in your response tools and processes. After the attack, the red team presents its findings to the blue team. This allows them to establish a baseline for future defense response. The exercise also provides valuable hands-on learning.
Reducing Government Data Breaches
You may already spend considerable effort focusing on government data breach prevention. Working in the public sector means that when a breach happens you also need to keep the costs and damage as low as possible. By creating and implementing strategies and tools that help your agencies quickly find a breach and then resolve it in as short a time as possible, you can continue to be a good steward of your taxpayers’ dollars.