GUEST BLOGGER
David Smith

News of data breaches and online frauds has become a matter of regular occurrence, which serves as a constant reminder that organizations need a robust strategy for fraud prevention and cybersecurity. Though the private sector usually grabs the headlines, the public sector often faces similar incidents. The public sector can include many different areas of service — healthcare, education, parks, libraries and more. Likewise, the judicial system, law enforcement and other government entities are vital components of the public sector. Because of their critical role, these departments and organizations have now become key targets for cybercriminals. Even high-profile events such as elections and the Olympics have also been victims of fraud attacks in recent years, pressing government authorities to prioritize cybersecurity.

The current state of cybersecurity in the public sector

According to research published in 2019 by SolarWinds, a leading IT management software provider, about 18% of respondents from different public sector organizations in the U.K. reported more than 1,000 cyberattacks in the previous year (which increased 14% from 2017). Among these, 95% of respondents were using antivirus, firewall and malware protection. On the other hand, about 38% of respondents said they had not experienced any cyberattacks at all, compared to 30% the year before that.

The types of attacks most commonly faced by the respondent organizations included phishing (95%), malware (86%) and ransomware (54%). Other attacks, such as targeted attacks from insiders or malicious cybercriminals, were faced by only 3% of respondents. This explains why the typical defenses used by these public sector organizations were antivirus software and firewalls. However, other critical defenses were still lacking — only 70% of organizations were using log management or network traffic analysis, tools that can help monitor unexpected activity.

Common threats faced in the public sector

Phishing, ransomware and malware are common threats faced by public sector organizations. Stolen personal data is often used to commit online frauds and identity thefts. The sector is also at risk from illegal cryptomining, cyber espionage and software supply chain attack.

Although these threats may have a significant impact, there are other areas of concern such as data leakage, which has seemingly lesser impact but greater importance in terms of reputation. Occasionally, employees may lose important data through tablets, smartphones or laptops left in public transportation or by using public WiFi access points. Moreover, successful cyberfrauds are mostly the result of insider mistakes, such as through phishing emails or business email compromise.

What is an even bigger problem is the failure of public organizations to fix known vulnerabilities. According to Ponemon institute, “56% of respondents say their organizations are at a disadvantage in responding to vulnerabilities because they use manual processes. And 51% of respondents say security spends more time navigating manual processes than responding to vulnerabilities – resulting in an insurmountable backlog.”

4 ways to guard against threats

1. Develop a cybersecurity policy based on established guidelines

Organizations in the public sector can implement federal frameworks (for instance, the NIST Cybersecurity Framework) to baseline effective and strong cybersecurity state policy. These frameworks provide a strategic and high-level view of the cybersecurity risk life cycle. This can help your organization understand fraud risk and apply best practices. This can also enable you to manage risk and improve security of your critical services and infrastructure.

2. Establish cybersecurity council with industry and academia

As academic disciplines and industry sectors continue to develop expertise in cybersecurity and fraud prevention, your organization can gain insights from their knowledge to formulate your own public sector fraud management policy. These assets can be coordinated to develop strategies to help respond to real and potential threats.

3. Create a culture of cybersecurity awareness

In most of the cases, whether public or private organizations, the weakest link in information leakage and security compromise is careless or uninformed personnel. Employees should be empowered with the skills they need to be proactive and ready to face increasing threats. In order to reduce risk from cyberfraud and related attacks, foster a culture of cybersecurity awareness that implements robust training programs for all employees.

4. Consider cyber insurance for protection of public assets

In the event that an attack is successful, your organization can complement its cyber risk management process with cyber insurance for risks that cannot be completely mitigated. Cyber insurance benefits are not just financial, but also indirectly forces organizations to meet a certain criteria of security practices in order to be able to qualify for the insurance.

There is no denying that cyberattacks can cause financial, regulatory and organizational image issues. But by considering fraud prevention methods now, before an attack, your organization can implement necessary measures for the continued growth and longevity of the public sector.