Public sector cyber attacks have increased in recent years, affecting schools, hospitals, nursing homes, and local government offices, among other entities. Cyber attackers have found new ways to infiltrate networks and disrupt what these organizations are trying to do every day and increasing their demands while holding data and information hostage for big fees.
This was recently illustrated in Verizon Wireless’ annual Data Breach Investigations Report, which outlined the developing state of cybersecurity threats. According to the data, two-thirds (66 percent) of breaches can now be related to cyber espionage, with hackers gaining access secretly in order to get the data they want for a high price. For government agencies and public sector organizations, this can be concerning considering the information they need to keep protected.
Verizon’s report describes how cybercriminals are taking a quieter approach to access high-value public sector data and holding them for ransom. Now, cyber attacks happen more subtly with attackers gaining network access secretly and lying in wait, undetected, as they gather information over time. In this time, they can insert backdoors, exfiltrate high amounts of data, and listen in on sensitive secrets in local governments, for example.
The longer they lie in wait, the more damage they can impart on their targets. The hackers want to look for ways to exploit weaknesses in their victims’ systems and then move throughout the networks to find more valuable information to be held at ransom.
Whether it’s a local government office or a school board, millions of pieces of data and sensitive information present a major opportunity for hackers. However, identifying attackers and keeping breaches at bay has become a major issue for entities. Security teams have become overloaded in needing to take care of breaches and gather themselves following an exposure, cutting down on the time to adequately hunt down threats or protect against future attacks.
Government agencies and school systems must bring on layered defenses that can isolate applications to help identify and contain major threats. This can be done by applying protection at common points of entry, such as the network endpoints, and keeps hackers from gaining a grip in agency systems. This also reduces the attack area by cutting off direct routes into an entity, like emails, downloads, and Internet connections.
Entities can turn traditionally weak endpoints into intelligence gathering assets. By doing so, agencies get a complete look at an attacker’s intent which in turn helps them secure their defensive cyberinfrastructure. This can give network security teams help by reducing false positives and stops hackers at the point of entry. This also helps security teams by providing the time and information they need to analyze major threats and liabilities they face on a daily basis.
Cyber risks aren’t going away any time soon and are even developing into more sophisticated threats. Public sector entities must find new ways to protect their high-value assets to get better security results.
Professional Governmental Underwriters, Inc., is a full-service risk management company dedicated to assisting public, educational and non-profit entities in the management of their professional liability exposures including educators liability insurance. We are dedicated to providing state-of-the-art professional underwriting management and loss control advisory services on behalf of our designated carriers. For more information, call us toll-free at (800) 586-6502.