How the public sector can combat mounting cybersecurity risks
The public sector is being targeted by cybercriminals. We have identified three top areas with security gaps leading to openings for cybercrime and give recommendations on how to mitigate potential breaches.
From municipalities to the military, healthcare to schools, these organizations have the challenge of protecting citizens while increasing digitalization and maintaining security. With the amount of sensitive data being handled, outdated systems, and the variety of devices being used, it is clear why cybercriminals continue to target the public sector.
We have identified three segments with security gaps leading to cyber-attacks with recommendations on how to mitigate potential breaches.
E-Government
Governments are undergoing a digital transformation with the focus being on citizens and the adoption of online services. Through eServices, public agencies modernize processes and engage faster with citizens. While using online services has become a norm, citizens expect the government to have the appropriate security measures in place to protect their personal data when using these government platforms.
There is an immense amount of data collected and shared within e-government meaning a breach could have detrimental consequences. Therefore, implementing security measures to enhance data integrity and access security is imperative. The following security measures should be implemented to help keep both the authorities' and citizens' data secure:
- Multi-factor authentication: Ensure users within the application have the correct access rights to upload and share data
- Credential and Identity Verification: Verify credentials, documents, and access rights to prevent fraud
- Signature technology: Leverage PKI certificates to offer the highest levels of security and eIDAS compliance ensuring data integrity and privacy
Public Sector Workforce
Even within the public sector, awareness within the organization is essential to create a security culture and to increase the cyber defense level of the organization. Educating and training staff is important. as email is a main source of infiltration for cybercriminals and email is one of the top communication tools for government employees.
- Zero trust security: Every identity, user, device, and network should be authenticated and authorized before gaining access rights
- Strong authentication: Smart cards are often the root of trust enabling MFA, access control and additional functionality. Accompanying physical ID cards with strong digital identities allows for greater user convenience.
- Email encryption and signing: Being the central tool for communication, email systems are the top source of infiltration for cybercriminals. Encryption and signing boost the overall security of this widely used communication channel.
Critical Infrastructure
Critical infrastructure has become more complex and dependent on connected devices. The threat that comes with this is that the security of industrial control systems and connected devices has fallen behind that of IT systems, leaving operational technology vulnerable and poorly protected against cyber threats. With more connected devices being used to collect data and connect to critical networks, the convergence of IT and OT will only accelerate and cyberattacks will rapidly increase.
Digital advancements have the potential to enhance information security and cybersecurity protection. The need for new business practices that enable departments to securely collaborate, share sensitive information, all alongside interoperability has never been more critical. A new demand for security solutions to strengthen information technology (IT) and operational technology (OT) measures by safeguarding data, networks, internal systems, as well as buildings is the need of the hour.
Stringent security controls established to ensure critical infrastructure is fully protected have led many governments and public agencies to rely on trusted identities through modern and advanced public-key infrastructure technology.
Comprehensive security
Combating cybersecurity is no longer about focusing on individual systems or a specific set of users. With digitalization taking over all aspects of the interaction between the public sector and citizens, governing authorities need to consider cybersecurity measures that cover all touchpoints – citizens, employees, suppliers, and all interacting systems and applications, to ensure that sensitive information is collected, processed, and stored securely.