Table of Contents
Public services are a prime target for cyber-attackers, and the number of incidents reported is increasing every year. Cybersecurity is no longer an option.
The start of 2023 was marked by a cyberattack on the city of Lille in France: for several days, the town had to operate in slow motion and do without computers and software. The incident, far from being isolated, highlights the public sector’s vulnerability to cyber threats – and above all, the scale of the consequences on its organizations. Not taken seriously enough, the risks are nevertheless tenfold for the public sector. Let’s take a closer look.
Current issues: the public sector increasingly affected by cyber attacks
A prime target for cyberattackers, the public sector faces an ever-increasing number of cyberattacks. According to ENISA’s Threat Landscape 2022 report, between July 2021 and July 2022, government agencies accounted for 24% of victims. This is due not only to the variety of attacks but also to the special status of public bodies.
A lucrative sector for cyber attackers
Public organizations are often considered prime targets for cyberattackers:
- They deal with sensitive data: such as personal, financial, medical, and government information. This data is attractive to cyber-attackers, as it can be used for exploitation, fraud, blackmail or espionage, or even resold.
- They manage critical infrastructures: public bodies often run power grids, transport systems, and emergency services. A successful cyberattack on this type of structure can paralyze society. And the greater the damage caused, the stronger the position of cyber attackers.
- They aren’t sufficiently protected: despite warnings, many public bodies need more resources to invest in effective cybersecurity measures. This makes them “easy targets” for cyber attackers.
A variety of threats
Public sector organizations also face multiple threats that do not necessarily require the same protection measures. These include :
Phishing
This technique involves pretending to be a trusted third party to obtain sensitive information such as login details or passwords. One person’s mistake can paralyze an entire organization.
DDoS attack
Also known as a “denial of service attack”, it corresponds to several cyber-attackers deliberate over-exploitation of an organization’s computer systems. The aim is to make services unavailable to other users.
Cyber espionage
This type of attack can take many forms, such as unauthorized access to databases, communications surveillance, or the theft of government secrets. Like traditional espionage, cyber espionage aims to obtain strategic or confidential information.
Ransomware
Ransomware is a malware designed to encrypt an organization’s data. Its creators then demand a ransom payment in exchange for the decryption key.
With 23% of incidents in 2022, local authorities are the second most affected category of victims of ransomware attacks, behind VSEs, SMEs, and ETIs.
Source: Panorama de la cybermenace 2022 – ANSSI
CVE exploitation
CVEs (Common Vulnerabilities and Exposures) are publicly disclosed security flaws many organizations fail to detect. This exposes these organizations to the enormous risk of their vulnerabilities being exploited by cyber-attackers, enabling them to take control of their servers or hack into their data.
As revealed in this document published by the French National Cybersecurity Agency, numerous vulnerabilities were discovered during 2022:
- In MICROSOFT EXCHANGE: they can be used to remotely execute arbitrary code and take control of the mail server.
- In the GLPI solution: they enable an attacker to bypass the security policy.
- In ZIMBRA: the vulnerability referenced CVE-2022-27925 allows a cyber attacker to compromise data confidentiality and integrity.
What are the cyber risks for public entities?
Given the variety of threats and the lack of protection for organizations, it’s clear that the public sector faces multiple risks.
Operational risk
Attacks such as ransomware or denial-of-service attacks can paralyze organizations’ IT systems. In particular, this can disrupt government operations, administration, healthcare, or education services.
Financial risk
This is the almost inevitable risk of a cyberattack. Indeed, even if the affected organization chooses not to give in to the financial blackmail of the hackers in the event of ransomware, the costs involved in restoring systems, implementing security measures, training staff, and crisis management quickly prove to be substantial, whatever the type of attack suffered.
Reputational risk
Many cyber-attackers publicize their power grab – or publicly disclose confidential information – to pressure the hacked organization. The latter then risks seeing its public image deteriorate and losing the trust of its users.
Political risk
Cyberattacks can be aimed at collecting sensitive information or conducting surveillance activities in the public sector. This can compromise national security, government secrets, or diplomacy between players.
How to protect yourself against cyberattacks in the public sector?
Although public sector organizations are still insufficiently protected against cyberthreats, they do have adequate means of preventing attacks, such as :
- Pentest as a Service: a security audit launched in less than a week for a flat fee. Uncover most of the vulnerabilities in a product and assess its security level at a given point in time, or schedule several pentests throughout your development life cycle as part of a DevSecOps approach.
- Bug bounty: a hunt for in-depth vulnerabilities with the elite hackers of the Yogosha Strike Force. Identify the most critical vulnerabilities on a pay-per-result basis. No vulnerabilities = no expenses, you only reward exploitable results.
As an expert in cybersecurity, Yogosha supports all types of public bodies in protecting their information systems. Identify your vulnerabilities through Pentest and Bug Bounty operations, and centralize and manage your cybersecurity strategy from a dedicated platform.
The plus: Yogosha supports high schools, universities, and regional authorities by setting up educational Bug Bounty programs to help train the security engineers of tomorrow.
Ministries, local authorities and agencies are prime targets for cyber-attackers. Be a step ahead and strengthen your security now. Contact us!
They do bug bounty and share their stories.
