In nearly every part of the world, people associate the word ‘government’ with order. Government services bring societal order, economic stability and security at all levels. However, the past decade of data breaches has challenged this. Federal and local governments battle worldwide breaches and cyber attacks. Data security flaws have been so pervasive in public sectors that costs that come with a data breach have risen nearly 79% year over year

How Does a Government Data Breach Happen?

Several years ago, the idea of governments falling victim to cyber attacks was hard to imagine. The public and governments had high standards for maintaining security governance and strict data compliance. However, the public sector includes multiple government services. (Look at the military, law enforcement, infrastructure management, public transit and educational facilities.) So, there is no shortage of digital footprints that threat actors can try to exploit.

In local and federal governments, a data breach involves any incident where attackers access or distribute confidential or protected information. Data breaches can occur through both physical and digital means. Attackers often combine them with various forms of cyber attack. (Think phishing schemes, ransomware attacks, viruses, malware and other malicious software.) Data breaches can expose confidential records, social security numbers, financial information and other sensitive details. Meanwhile, strict privacy laws often protect these in public sectors. 

Well-Known Government Data Breaches

Sadly, cyber attacks and data breaches impacting the public sector have become more and more common over the years. Now, governments invest a lot in their cybersecurity programs in response to the growing surge of attack variants targeting them.

In 2015, attackers compromised the personal credentials of over 190 million voters from the U.S. Voter Database, including their names, addresses, party affiliations and other private contact information. Misconfigured voter databases allowed this sensitive information to be easily displayed to anyone surfing the web. There are still some competing theories as to how this leak was caused, including Russian threat actors. The fact remains that the owners of the database did not manage the digitization of private records securely enough. This opened the door to a number of data compliance issues.

On May 7, 2019, an attacker hit the government of Baltimore’s networked systems with a new variant of ransomware, holding all servers with the exception of essential services up for ransom. Attackers compromised hundreds of thousands of people’s personal information. This was possible due to poor IT practices and an inadequate technology budget or cyberattack insurance policy.

Most recently, in December of 2020, the U.S. federal government faced the worst data breach the U.S. ever saw due to the sensitivity of the information accessed and the duration of the breach. It also impacted NATO, the U.K. government, Microsoft and the European Parliament. The data breach was not detected for months, giving the attackers access to tens of thousands of people.

How Much Does a Government Data Breach Cost? 

A government data breach can lead to a major financial loss. They also have grown larger over the years. According to the Cost of a Data Breach Report 2021, sponsored, analyzed and published by IBM Security, the total global cost of data breaches in public sectors rose nearly 79% between 2021 and 2020. That’s a total average data breach cost of $1.93 million. The public sector still represents a much smaller percentage of industries impacted by data breaches. However, the aggressive year-over-year growth of related costs is starting to show how important cybersecurity projects have become. 

The Risks and Challenges of Data Security in Government 

Today, government entities face an uphill battle when combating the growing surge of cyber espionage and extortion. Now more than ever, the public sector needs to focus on its security hardening measures across all infrastructure layers. At the same time, the sector also needs to maintain adequate budgets to support its data governance and disaster recovery efforts.

Government entities now have a much more pronounced digital target on their backs. A new generation of attackers happily accepts the high-risk-high-reward aspect of data breaches within public sectors. So, local and federal governments must execute thorough vulnerability analysis assessments. They should take a comprehensive look at database configurations and their data privacy compliance. 

Very few industries are immune to the financial impact data breaches can have. 2021 has also taught us that attackers have sharpened their focus on the public sector. This creates a sense of urgency for local and federal governments. They need to stay up to date in all areas of their security while keeping data privacy and protection top priorities.

More from Application Security

Does Follina Mean It’s Time to Abandon Microsoft Office?

As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I’m not introducing risk to my clients. Still, using Microsoft Office was something I did many times a day without a second thought. I brought up…

3 Reasons Why Technology Integration Matters

As John Donne once wrote, “No man is an island entire of itself.” With digitalization bridging any distance, the same logic could be applied to tech. Threat actors have vast underground forums for sharing their intelligence, while security professionals remain tight-lipped in a lot of data breach cases. Much like the way a vaccine can help stop the spread of infectious diseases, sharing threat intelligence and defense strategies can help to establish a more secure future for everyone.  So what…

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be achieved after successfully rolling out an identity strategy. They all talk about reduction in friction, improving users' perception of the…

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory. SCM systems are used in the majority of organizations to manage source code and integrate with other systems within the…