In nearly every part of the world, people associate the word ‘government’ with order. Government services bring societal order, economic stability, and security at all levels. However, the past decade of data breaches has challenged this. Federal and local governments battle worldwide breaches and cyber-attacks. Data security flaws have been so pervasive in public sectors that costs that come with a data breach have risen nearly 79% year over year.
Data Chaos – How Does a Government Data Breach Happen?
Several years ago, the idea of governments falling victim to cyber-attacks was hard to imagine. The public and governments had high standards for maintaining security governance and strict data compliance. However, the public sector includes multiple government services. (Look at the military, law enforcement, infrastructure management, public transit, and educational facilities.) So, there is no shortage of digital footprints that threat actors can try to exploit.
In local and federal governments, a data breach involves any incident where attackers access or distribute confidential or protected information. Data breaches can occur through both physical and digital means. Attackers often combine them with various forms of cyber-attack. (Think phishing schemes, ransomware attacks, viruses, malware, and other malicious software.) Data breaches can expose confidential records, social security numbers, financial information, and other sensitive details. Meanwhile, strict privacy laws often protect these in public sectors.
Well-Known Government Data Breaches
Sadly, cyber-attacks and data breaches impacting the public sector have become more and more common over the years. Now, governments invest a lot in their cybersecurity programs in response to the growing surge of attack variants targeting them.
In 2015, attackers compromised the personal credentials of over 190 million voters from the U.S. Voter Database, including their names, addresses, party affiliations and other private contact information. Misconfigured voter databases allowed this sensitive information to be easily displayed to anyone surfing the web. There are still some competing theories as to how this leak was caused, including Russian threat actors. The fact remains that the owners of the database did not manage the digitization of private records securely enough. This opened the door to several data compliance issues.
On May 7, 2019, an attacker hit the government of Baltimore’s networked systems with a new variant of ransomware, holding all servers apart from essential services up for ransom. Attackers compromised hundreds of thousands of people’s personal information. This was possible due to poor IT practices and an inadequate technology budget or cyberattack insurance policy.
More recently, in December of 2020, the U.S. federal government faced the worst data breach the U.S. ever saw due to the sensitivity of the information accessed and the duration of the breach. It also impacted NATO, the U.K. government, Microsoft, and the European Parliament. The data breach was not detected for months, giving the attackers access to tens of thousands of people.
How Much Does a Government Data Breach Cost?
A government data breach can lead to a major financial loss. They also have grown larger over the years. According to the Cost of a Data Breach Report 2021, sponsored, analyzed, and published by IBM Security, the total global cost of data breaches in public sectors rose nearly 79% between 2021 and 2020. That’s a total average data breach cost of $1.93 million. The public sector still represents a much smaller percentage of industries impacted by data breaches. However, the aggressive year-over-year growth of related costs is starting to show how important cybersecurity projects have become.
The Risks and Challenges of Data Security in Government
Today, government entities face an uphill battle when combating the growing surge of cyber espionage and extortion. Now more than ever, the public sector needs to focus on its security hardening measures across all infrastructure layers. At the same time, the sector also needs to maintain adequate budgets to support its data governance and disaster recovery efforts.
Government entities now have a much more pronounced digital target on their backs. A new generation of attackers happily accepts the high-risk-high-reward aspect of data breaches within public sectors. So, local, and federal governments must execute thorough vulnerability analysis assessments. They should take a comprehensive look at database configurations and their data privacy compliance.
Very few industries are immune to the financial impact data breaches can have. 2021 has also taught us that attackers have sharpened their focus on the public sector. This creates a sense of urgency for local and federal governments. They need to stay up to date in all areas of their security while keeping data privacy and protection top priorities.