December 7, 2016 By Michelle Alvarez 2 min read

A government’s core role is to protect and enhance the lives of its citizens. It must deliver services to create and sustain a robust and efficient public infrastructure, ensure public safety, foster sustainable economic growth and build stronger communities. Those tasks bring many challenges, but the overriding requirement of security is common to them all. Without it, no government in the world can perform its role. Security is always a prerequisite.

A Growing Global Concern

IBM’s “2016 Cyber Security Intelligence Index” reported that in 2015, the government sector advanced from sixth place to fourth place among most frequently attacked industries. According to the U.S. Government Accountability Office, cyberattacks against the U.S. government were up 1,300 percent since 2006.

Globally in 2015, IBM Managed Security Services (MSS) observed a 36 percent increase in security incidents affecting the average government client organization. A security incident — an attack or event that has been reviewed by security analysts and deemed worthy of deeper investigation — is the most serious of IBM MSS data classifications. That figure wasn’t as high as the 64 percent rise we observed in the average client company across all industries, but it was certainly significant.

Learn more about information security in the government sector

Coupled with reports of massive government breaches in 2016, these findings underscored a need to draw attention to threats targeting governments. Most notably, over 93 million records containing Mexican voter data were exposed due to an improperly secured public-facing cloud database. Leaked data included names, parent names, voter identification numbers, addresses, dates of birth and other sensitive information.

Top Threats to the Government Sector

IBM Security found newer threats such as Shellshock plaguing government organizations. It also observed older, tried-and-true threats, such as SQL injection and buffer manipulation, still prevalent across incidents on government networks.

These insights and more can be found in the recently released IBM Report, “The Changing Face of IT Security in the Government Sector.”

More from Government

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today