August 2, 2019 • The Recorded Future Team
From organized crime to state-sponsored hacking groups, government organizations face some of the most persistent and advanced cyber threats around.
The recent case of a Florida city government being forced to pay a $600,000 ransom is a prime example. Attackers had completely compromised their electronic systems, holding their data hostage and forcing employees — including 911 dispatchers — to work exclusively with manual paper records until the ransom had been paid.
In this blog, we’ll take a look at the threat landscape for government organizations, and explore how these organizations can use threat intelligence to enhance their security profile.
Most government organizations hold large quantities of sensitive data, and many have operations that include thousands of employees and endpoints. Not only does this make them a high-value target, but they are also faced with significant security challenges. So it shouldn’t come as any surprise that the government sector is heavily targeted by cyberattacks. Our own research revealed that at least 170 U.S. government systems have been attacked since 2013, including more than 45 police and sheriff’s offices.
Verizon’s 2019 Data Breach Investigations Report recorded 23,399 incidents affecting government organizations during its reporting year, more than all other industries put together, and 330 of those incidents led to confirmed data breaches. While the number of incidents identified is partly due to stringent regulations, which force government organizations to disclose more than most, the sheer volume is still staggering.
And it’s not just the volume of attacks that causes problems. The most common motivation associated with government breaches involving external actors was cyberespionage (79%), which is typically perpetrated by state-sponsored hacking groups. These groups sometimes use highly advanced tactics and have substantial resources to work with, making them a formidable adversary for government organizations to defend against. It’s no surprise, then, that government sector data breaches are 2.5 times more likely than average to go undiscovered for a period of years.
Security is a major consideration for government organizations — and they spend a lot of money on it — but it’s not the only consideration.
On top of stringent compliance requirements, a constant barrage of cyberattacks, and the need to protect large quantities of sensitive data, government organizations have one other important concern: retaining the trust and goodwill of the public. To do that, they must ensure their budgets (which are typically funded by taxpayers) are used wisely. Unsurprisingly, taxpayers don’t like to see their money being wasted. Government organizations must ensure that every penny invested has a clear and measurable return on investment. Functionally, this means government organizations are forced to make difficult decisions about how and where to invest their limited security resources.
This is a major function of threat intelligence. It helps government organizations identify their most pressing threats, so they can allocate resources accordingly while staying accountable to the public.
Protecting government organizations against a huge volume of attacks — many of which involve highly sophisticated attackers — is no easy feat. It requires a well-orchestrated security program, experienced personnel, and watertight processes. This is where threat intelligence comes in. It helps personnel throughout the security function make better, faster decisions about what to do and when to do it.
In particular, the following roles gain huge utility from threat intelligence:
When your adversaries are state-sponsored hacking groups — as they often are for government organizations — a reactive approach to security is never going to work. By the time you know something has happened, it could be years down the line.
Threat intelligence helps government organizations build proactive security programs that enable them to rapidly block and respond to cyber threats. Perhaps even more importantly, it enables them to remain accountable to the public, and clearly demonstrate that limited security resources are being utilized in the best possible way.
If your organization isn’t currently using threat intelligence, here’s an easy way to get started. Sign up for our free Cyber Daily newsletter, and you’ll receive the top cybersecurity intelligence direct to your inbox each morning. That includes:
Subscribe today and use this intelligence to keep your organization — and its sensitive data — safe from cyber threats.