PandaLabs, Panda Security’s anti-malware laboratory, has released its latest whitepaper entitled, “Privacy in Public Administration.” The whitepaper details numerous cyber-attacks on specific countries, and how the government sector is becoming a more focused area of attack for cyber-criminals. The full whitepaper can be downloaded at the Panda Media Center.
Theft and Misuse of Data
The use of information and communication technologies in the public sector, specifically online government services, is a key factor for being targeted by cyber-criminals. Technological advances have made it possible to store personal data in digital format, a great benefit to users, but also a highly-prized target for cyber-criminals.
“Privacy in Public Administration” details the major uptick in cyber-crime in recent years. And while cyber-crime is now more prevalent than ever, attacks against the public sector are not brand new. Panda Security outlines several major government breaches over the last decade, including these striking examples:
In 2006, the United States Department of Veterans Affairs was attacked, compromising the data of 26.5 million veterans. The whitepaper also details the case of Shalom Bilik, an Israeli government sub-contractor, who in 2006 stole the personal details of nine million Israeli citizens and put them up for sale.
In 2012, a simple email was sent to employees of the South Carolina Revenue departments, giving an attacker access to the internal network and the data of 3.8 million taxpayers.
In 2015, both the White House and the Office of Personnel Management, the federal governments HR agency were victims of cyber-attacks. In the same year, a group of attackers with connections to ISIS seized control of the Pentagon’s main social network accounts.
It is becoming more evident that cyber-criminals are seeing the value in this sector because there is so much proprietary and private data at stake. The Government Accountability Office stated that in 2015 alone, there were more than 77,000 cyber-attacks against federal agencies.
New crimes including cyber-terrorism, cyber-espionage and hacktivism are on the rise. The secret phase of the cyber-war against Iran began during the last decade with espionage carried out by the U.S. and Israeli intelligence services.
And along with insider attacks such as Edward Snowden’s exposé of the NSA, hacktivism has become a serious threat to government and public agencies. The whitepaper uncovers numerous examples, one of which is the 19,252 emails from the Democratic National Committee appearing on Wikileaks. The FBI has also confirmed the hacking of electoral databases by foreign hackers, just three months from the election.
The emergence of new global players with varying motivations, combined with their ability to act in any security dimension, hinders the identification of aggressors and decreases the ability of countries to adequately respond. Current legislation is not adapted to the new cyber-crime dynamic or to new technological or data management demands.
To prevent new attacks on public agencies, a common regulatory and legislative framework is needed, with responsibilities shared between states. The whitepaper also discusses regulatory challenges the U.S. faces with cybercrime.
For public institutions, success in ensuring cyber-security lies with meeting certain requirements:
Having real-time information about incidents and security holes related to data security.
Compliance with Article 35 of the “General Data Protection Regulation” on data protection.
Reporting all possible transfers of data files to foreign countries.
Safeguarding delegation to other processors, i.e. deleting of data, meeting reporting and notification requirements, and the maintenance of file transfer activities.
To this effect, the implementation of advanced technologies such as Adaptive Defense, as a complement to traditional antivirus solutions, enables compliance with these, since Adaptive Defense offers guaranteed security against threats and advanced targeted attacks.
To read the full whitepaper “Privacy in Public Administration” click here and download, or check out the infographic.
About Panda Security
Founded in 1990, Panda Security is the world’s leading cloud-based security solutions company. Based in Spain, the company has a direct presence in over 80 countries, products translated into more than 23 languages and millions of users worldwide. Its mission is to simplify the complexity by creating new and better solutions to safeguard the digital life of its users.