Trustwave, a cybersecurity and managed security services provider, has released its detailed report, "2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies." The report offers an in-depth analysis of the unique cybersecurity challenges confronting the public sector and provides actionable strategies for strengthening defenses.
Cyberattacks pose significant risks to the stability and security that governments strive to maintain. Effective cybersecurity is crucial for protecting sensitive data and ensuring the seamless operation of critical services that citizens depend on, such as national defense and infrastructure. Breaches in public sector cybersecurity can undermine public trust, disrupt daily life, and even put lives at risk, particularly when critical infrastructure is targeted.
"The public sector continues to be a strong focus for highly motivated criminals, hacktivists, and nation-state-sponsored organizations," said Trustwave Global CISO Kory Daniels.
"Breaches in the public sector extend beyond financial loss; they can be highly coordinated, malicious, multi-pronged digital and physical attacks. We've observed successful attempts to disrupt critical systems and services while disorienting operations that citizens rely on every day. This includes telecommunications, healthcare, trademark and patent systems, transportation, citizen PII data, law enforcement, and national security. A successful attack can shake the very foundations of society, erode trust in government, and create a climate of fear and uncertainty."
Trustwave SpiderLabs' research delves into the attack methods used by various threat groups, providing insights into their tactics, techniques, and procedures. The public sector's cybersecurity challenges are exacerbated by factors such as legacy systems, a focus on public service over security, fragmented IT infrastructure, vast amounts of sensitive data, siloed information, limited budget resources, complex regulations, and targeting by international actors.
"It's particularly concerning how geopolitical motivations tap into the digital realm to perform espionage leveraging deepfakes, social media manipulation, and election interference,” continued Daniels. “As citizens, we entrust the government with vast amounts of our personal information, which is why public-private partnership is critical for defending individuals, businesses, and the government itself."
The Trustwave SpiderLabs report thoroughly examines threat groups and their attack cycles, from initial access to data exfiltration. The report covers cybersecurity challenges facing the public sector globally, including government institutions and essential public services. Key findings from the report highlight the following:
Phishing Attacks: Phishing remains a dominant threat in the public sector, responsible for 80% of initial access by attackers.
Ransomware Threats: LockBit 3.0 is responsible for 43% of ransomware attacks in the public sector, with Medusa and Play accounting for 13% and 12% respectively.
Vulnerable Local Governments: Local governments are particularly susceptible to ransomware attacks, making up 60% of such incidents.
This report underscores the critical need for robust cybersecurity measures in the public sector to combat sophisticated and evolving threats. Enhanced collaboration between public and private sectors, along with significant investments in advanced technologies and comprehensive cybersecurity training, are essential steps towards safeguarding public services and maintaining public trust.