From nation-state threat actors to typical cybercriminals, the public sector faces a multitude of cybersecurity threats. At the same time, public-sector organizations struggle to maintain a robust cyber hygiene posture because they need to balance limited budgets with complex IT environments and highly interconnected ecosystems. With the May 2021 “Executive Order 14028, Improving the Nation’s Cybersecurity” (EO), understanding the cybersecurity threats facing the public sector is fundamental to meeting increasingly strict compliance mandates and ensuring resiliency. Check out these top 10 cybersecurity threats impacting the public sector.
1. State-sponsored cyber attacks
More than any other vertical, the public sector faces attacks designed to steal information for the purposes of espionage. State-sponsored cyberattacks, like the SolarWinds attack, intend to exfiltrate sensitive national security information. Unlike other attack types, state-sponsored cyberattacks are not motivated by money, meaning that threat actors will try to linger in systems as long as possible without being detected.
2. Supply chain attacks
A public sector organization’s cybersecurity is only as strong as its weakest link. Threat actors continue to target software and contractors across the supply chain to gain access to sensitive information. This places increased importance on third-party vendor risk management (TPRM) since organizations often lack visibility into cybersecurity across their supply chain business partners. Further, with the Software Bill of Materials (SBOM) development incorporated into the EO, public sector organizations will additionally need the ability to understand the security posture of all software and firmware components used in the technologies that enable their daily operations.
3. Increased ransomware attacks
Over the course of 2020 and 2021, cybercriminals focused on using ransomware attacks to disrupt critical operations. According to research, ransomware attacks increased by more than 150% in the first half of 2021, with additional research finding 113 different ransomware variants during the same period.
4. Changing ransomware methodologies
Traditional ransomware attacks focused on encrypting data. However, the rise of enhanced data backup, business continuity, and disaster recovery plans means that these methodologies no longer work as well. Today, malicious actors engage in double-extortion attacks where they encrypt and exfiltrate data. By stealing data and holding it hostage, malicious actors increase the likelihood that public sector organizations will pay the ransom.
5. Sector targeted attacks
Not every attack type is aimed at the public sector; threat actors tend to reuse similar tactics, techniques, and procedures (TTPs) within a given industry. To stay ahead of these attacks, public sector entities need to gain visibility into public-sector-specific threats by leveraging threat intelligence.
6. Phishing
Phishing is a common initial attack vector that tricks people into taking actions against their best interests. When the user clicks an embedded link or downloads a document, malware executes on the device. Phishing is often part of a larger ransomware or state-sponsored attack, but it can also be used on its own to steal credentials.
7. Credential theft
When threat actors attack public sector entities, they often want the data that those organizations collect, store, transmit, and process. By stealing credentials, they can gain access to systems and networks, often going undetected because this process disguises them as legitimate users. For example, stealing credentials for someone who has privileged access, like a local or domain admin, can give them nearly unfettered access across all resources.
8. Privilege escalation
Threat actors no longer look only for privileged credentials; they want any access, no matter how limited. Once inside, they begin granting themselves additional privileges and access rights. In doing so, they can take a standard user’s credentials and turn them into privileged credentials, giving them the access they need to steal sensitive national security information or constituent personally identifiable information (PII).
9. Advanced persistent threats
Advanced persistent threats (APTs) occur when threat actors gain access to systems and networks and then remain there, continuing to extract data over time. For example, recent research found that government agencies account for 44% of all rootkit-based attacks. Unlike Ransomware-as-a-Service (RaaS), these attacks are costly and difficult to create, so they typically target high-ranking officials and diplomats. Most often they are used to carry out espionage, although one-third were motivated by financial gain.
10. Internet of Things (IoT) device security
IoT devices often lack the security controls that govern most software and firmware. Further, the IoT supply chain can be corrupted either maliciously or accidentally. For example, under the National Defense Authorization Act, Congress prohibited government procurement from Hikvision. However, this only covers IoT devices sold under that specific brand. Many IoT vendors rebrand or resell their technologies, another reason that the SBOM is mission-critical for the public sector.
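To illustrate why an SBOM matters when devices are rebranded or resold, here is an added example (not code from the article or from SecurityScorecard) that walks a CycloneDX-style SBOM, including nested firmware components, and flags any component whose supplier matches a prohibited-vendor list regardless of the product name on the box. The SBOM document, product names and the "Example Rebrand Co" supplier are constructed for the example; CycloneDX is an assumed format, and Hikvision is used only because the article names it.

```python
"""Flag SBOM components from prohibited suppliers, regardless of product brand."""
import json

# Constructed CycloneDX-style SBOM (assumed format; not from the article).
# Product names are fictional; only the supplier field reveals the true origin.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "device", "name": "CityCam Pro 2000", "version": "3.1",
         "supplier": {"name": "Example Rebrand Co"},
         "components": [  # nested firmware still names the original vendor
             {"type": "firmware", "name": "cam-fw", "version": "5.4.7",
              "supplier": {"name": "Hikvision Digital Technology"}},
         ]},
        {"type": "device", "name": "LobbyView 12", "version": "1.0",
         "supplier": {"name": "HIKVISION"}},
        {"type": "library", "name": "openssl", "version": "1.1.1k",
         "supplier": {"name": "OpenSSL Software Foundation"}},
    ],
})


def walk_components(components, path=()):
    """Yield (path, component) for every component, descending into nested ones."""
    for comp in components:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk_components(comp.get("components", []), here)


def find_prohibited(sbom_json, prohibited_vendors):
    """Return 'path: supplier' strings for components from a prohibited vendor.

    Matching is a case-insensitive substring test on the supplier name, so a
    rebranded device whose firmware still names the original vendor is caught.
    """
    sbom = json.loads(sbom_json)
    needles = [v.lower() for v in prohibited_vendors]
    hits = []
    for path, comp in walk_components(sbom.get("components", [])):
        supplier = comp.get("supplier", {}).get("name", "")
        if any(n in supplier.lower() for n in needles):
            hits.append(f"{' > '.join(path)}: {supplier}")
    return hits


if __name__ == "__main__":
    for hit in find_prohibited(SAMPLE_SBOM, ["Hikvision"]):
        print("PROHIBITED SUPPLIER:", hit)
```

The check is only as good as the SBOM: a component with no supplier field, or a supplier name that itself has been rebranded, will not be flagged, so pair this with procurement-side vendor attestation rather than relying on the SBOM alone.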
SecurityScorecard: Security ratings for an outside-in view of cybersecurity risk
The most recent draft of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-161 “Cyber Supply Chain Risk Management Practices for Systems and Organizations” notes that performing an outside-in analysis of vendors with solutions like security ratings platforms can enhance supply chain risk mitigation. Additionally, SecurityScorecard’s security ratings platform helps public sector entities monitor their own cybersecurity posture across ten risk factors.
SecurityScorecard’s security ratings platform gives public sector entities a way to review risk and prioritize their mitigation strategies so that they can reduce the impact of the cybersecurity threats impacting them.