In nearly every part of the world, people associate the word ‘government’ with order. Government services bring societal order, economic stability and security at all levels. However, the past decade of data breaches has challenged this. Federal and local governments battle worldwide breaches and cyber attacks. Data security flaws have been so pervasive in public sectors that the costs that come with a data breach have risen nearly 79% year over year.

How Does a Government Data Breach Happen?

Several years ago, the idea of governments falling victim to cyber attacks was hard to imagine. The public and governments had high standards for maintaining security governance and strict data compliance. However, the public sector includes multiple government services. (Look at the military, law enforcement, infrastructure management, public transit and educational facilities.) So, there is no shortage of digital footprints that threat actors can try to exploit.

In local and federal governments, a data breach involves any incident where attackers access or distribute confidential or protected information. Data breaches can occur through both physical and digital means. Attackers often combine them with various forms of cyber attack. (Think phishing schemes, ransomware attacks, viruses, malware and other malicious software.) Data breaches can expose confidential records, social security numbers, financial information and other sensitive details. Meanwhile, strict privacy laws often protect these in public sectors. 

Well-Known Government Data Breaches

Sadly, cyber attacks and data breaches impacting the public sector have become more and more common over the years. Now, governments invest a lot in their cybersecurity programs in response to the growing surge of attack variants targeting them.

In 2015, attackers compromised the personal credentials of over 190 million voters from the U.S. Voter Database, including their names, addresses, party affiliations and other private contact information. Misconfigured voter databases allowed this sensitive information to be easily displayed to anyone surfing the web. There are still some competing theories as to how this leak was caused, including Russian threat actors. The fact remains that the owners of the database did not manage the digitization of private records securely enough. This opened the door to a number of data compliance issues.

On May 7, 2019, an attacker hit the government of Baltimore’s networked systems with a new variant of ransomware, holding all servers with the exception of essential services up for ransom. Attackers compromised hundreds of thousands of people’s personal information. This was possible due to poor IT practices and an inadequate technology budget or cyberattack insurance policy.

Most recently, in December of 2020, the U.S. federal government faced the worst data breach the U.S. ever saw due to the sensitivity of the information accessed and the duration of the breach. It also impacted NATO, the U.K. government, Microsoft and the European Parliament. The data breach was not detected for months, giving the attackers access to tens of thousands of people.

How Much Does a Government Data Breach Cost? 

A government data breach can lead to a major financial loss. They also have grown larger over the years. According to the Cost of a Data Breach Report 2021, sponsored, analyzed and published by IBM Security, the total global cost of data breaches in public sectors rose nearly 79% between 2020 and 2021. That’s a total average data breach cost of $1.93 million. The public sector still represents a much smaller percentage of industries impacted by data breaches. However, the aggressive year-over-year growth of related costs is starting to show how important cybersecurity projects have become.

The Risks and Challenges of Data Security in Government 

Today, government entities face an uphill battle when combating the growing surge of cyber espionage and extortion. Now more than ever, the public sector needs to focus on its security hardening measures across all infrastructure layers. At the same time, the sector also needs to maintain adequate budgets to support its data governance and disaster recovery efforts.

Government entities now have a much more pronounced digital target on their backs. A new generation of attackers happily accepts the high-risk-high-reward aspect of data breaches within public sectors. So, local and federal governments must execute thorough vulnerability analysis assessments. They should take a comprehensive look at database configurations and their data privacy compliance. 

Very few industries are immune to the financial impact data breaches can have. 2021 has also taught us that attackers have sharpened their focus on the public sector. This creates a sense of urgency for local and federal governments. They need to stay up to date in all areas of their security while keeping data privacy and protection top priorities.
