What happens when attackers breach local government, police departments or public health services? What would happen if attackers compromised the U.S. Treasury’s network? These types of incidents happen every month and lead to service interruptions at the very least. More serious problems could occur, such as leakage of classified data or damage to critical infrastructure.

What about the cost of a data breach for government agencies? According to the most recent IBM Cost of a Data Breach report, each public sector incident costs $2.07 million on average. In 2018, the U.S. government faced a total of $13.7 billion in costs due to cyberattacks. Governments at all levels and in every country are at risk. The stakes are high, and preparedness is essential.

Scope of Government Cyberattack Risk

While threat actors still prefer to target health care, financial and technology firms, there are over 90,000 government entities in the United States alone. Also, research shows that there is a knowledge and awareness gap in the public sector when it comes to security measures. This makes government offices attractive targets for cyber gangs.

With increased tensions, it’s likely that state-sponsored cyberattacks will also continue to increase. Given the rising threat to government agencies, the FBI released a special notification about the risk. It states: “Ransomware attacks against local government entities and the subsequent impacts are especially significant due to the public’s dependency on critical utilities, emergency services, educational facilities and other services overseen by local governments, making them attractive targets for cyber criminals.”

Still, if even specialist cybersecurity providers themselves aren’t immune to attack, how is a small government office expected to protect itself?

Types of Threats to Government Agencies

According to the FBI notice, the most common infection vectors against government entities are phishing emails, remote desktop protocol exploitation and software vulnerability exploitation. Threat diversification has also become a major concern. For example, the FBI states that actors have been:

  • Using service-for-hire business models
  • Sharing victim information among actor groups
  • Using diverse extortion strategies and attacking access and data sources such as cloud infrastructure, managed service providers and software supply chains.
Explore the Report

Government Action

Earlier this year, the U.S. Congress passed new legislation that impacts federal agencies and critical infrastructure owners and operators. The mandate states that agencies must report attacks within 72 hours. They must also report ransomware payments within 24 hours.

The new provision includes assistance for the departments of Defense, State, Justice, Treasury, Commerce and others. They will receive technological and continuity-of-government aid, which includes IT infrastructure and cybersecurity services. The legislation also gives the Cybersecurity and Infrastructure Security Agency (CISA) the authority to subpoena entities that fail to report cyberattacks or the payment of ransomware. Meanwhile, CISA will also sponsor a program to alert agencies of exploitable vulnerabilities connected with ransomware.

So, while increased assistance is part of the package, so is increased pressure and scrutiny.

Lack of Funding

Major barriers to defending against attacks include that it’s becoming harder to pay competitive salaries, the number of staff and lack of funds. All these involve tight budgets.

Despite the urgency, funding continues to be an issue for local and federal agencies. In 2021, $118.7 billion in technology spending was projected for state and local governments. Only a fraction of this was earmarked for security. It’s unlikely to cover all needs when the government faces $13.7 billion in security costs each year.

Lack of Insight

Many government offices also lack the strategies, experience and insight to prevent cyber crime. For example, in a 2019 attack on the Baltimore government, a well-known Microsoft patch could have easily prevented an $18 million Robinhood ransomware incident.

In 2019, attackers hijacked nearly all of Baltimore’s IT infrastructure and demanded a ransom of 13 bitcoin (about $76,000 at the time). The city refused to pay. Recovery efforts lasted months before systems came back online. During that time, services for water billing, property taxes, property sales, parking tickets, email and voicemail were all disrupted. The total cost of the Baltimore attack (plus remediation efforts) was around $18.2 million.

How to Respond to the Threat

The FBI and many other agencies recommend against paying ransoms. There is no guarantee that payment will result in restored systems and files. Paying ransoms also encourages attackers. Even worse, the Department of the Treasury may even impose sanctions on entities that pay malware ransoms.

Preparedness is critical. Some suggestions for government agencies from the FBI include:

  • Keep all operating systems and software up to date
  • Implement a user training program and phishing exercises
  • Require strong, unique passwords for all accounts with password logins
  • Require multi-factor authentication (MFA) for as many services as possible
  • Maintain offline (i.e., physically separate) backups of data, and test backup and restoration often
  • Ensure all backup data is encrypted and immutable
  • Protect cloud storage by backing up to multiple locations, requiring MFA for access and encrypting data in the cloud
  • If using Linux, use a Linux security module (such as SELinux, AppArmor or SecComp) for defense in depth
  • Segment networks to help prevent the spread of ransomware
  • Enforce the principle of least privilege through authorization policies
  • Implement time-based access for privileged accounts
  • Disable unneeded command-line utilities; constrain scripting activities and permissions and monitor their usage.

Improve Security Now

The ways to improve security may seem daunting at first. However, it doesn’t have to get all done at once. The idea is to begin improving security postures now. Then, continue to improve your preparedness along the way.

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…