With growing Internet penetration and government initiatives such as Digital India, Smart Cities, Startup India and Aadhar – India’s national unique identification number project, the need to ensure better protection of both critical infrastructure and sensitive data
Bitdefender, a leading Internet security technology company, records growing numbers of hacker attacks on government agencies and public sector organizations worldwide. Experts underline India with its large-scale digitization programs has emerged as one of most frequent targets.
Despite ongoing efforts to bolster the cyber security of agencies that have a huge impact on the lives of many citizens worldwide, some of the biggest and most well-publicized breaches in recent years have come against public sector organizations, Bitdefender researchers point out.
According to Bogdan Botezatu, a Senior E-threat Analyst with Bitdefender, a leading Internet security technology company, the government agencies are particularly popular targets for cyber espionage, in which external threat actors such as state-affiliated organizations or nation states infiltrate networks looking for sensitive data.
Botezatu turns to Verizon’s 2016 Data Breach Investigations Report, which looked at security threats in 20 different industries, to emphasize that public sector entities were at the top of the list of espionage-related attacks. While according to PwC’s Global State of Information Security Survey 2016, the barrage of attacks against public sector agencies shows no signs of abating: these types of organizations detected 137% more cyber security incidents in 2015 than the year before.
“We’ve seen substantial attacks against government agencies in 2016, following the epic 2015 hack against the U.S. Office of Personnel Management that resulted in the theft of sensitive personal information about more than 20 million people both inside and outside the government,” Bogdan Botezatu says.
As a result of increasing cyber-attacks against public sector agencies and companies, many such organizations take proactive steps to create adequate cyber security policies in order to address top security priorities. Measurers taken by public sector organization include deploying technology such as cloud-based cyber security, advanced authentication, big data analytics and data encryption. Cloud computing security and mobile device security is believed to be among the top security priorities for public sector organizations for the next one year, according to experts.
PWC report shows that the use of cloud computing in the public sector rose significantly in 2015, and respondents said 42% of their systems have been moved to the cloud. Cloud computing has emerged as a sophisticated tool for cyber security safeguards in recent years, and 56% of public sector organizations now use cloud-enabled cyber security for services such as real-time monitoring and analytics, threat intelligence, advanced authentication and identity and access management.
And as more government employees use personal smartphones and tablets at work, cyber security has become an increasingly important priority at agency. More than half of respondents think the use of mobile devices has impaired security. To strengthen security, government agencies all over the world are adopting authentication technologies such as software and hardware tokens, smartphone tokens and cryptographic keys as well as turn to cloud-based cyber security services as mobile devices rely heavily on cloud infrastructure or use cloud-based services to address the core cyber security requirement of identity and access management.
In India, the use cloud-based security tools such as analytics, advanced authentication and identity and access management is growing, too, with more and more organizations both in private and now public sector updating fundamental security technologies and practices and investing in more advanced security solutions. With growing Internet penetration and government initiatives such as Digital India, Smart Cities, Startup India and Aadhar – India’s national unique identification number project, the need to ensure better protection of both critical infrastructure and sensitive data.
“Industry reports and our own observations indicate that the number of targeted attacks as well as attacks using common malware is rapidly growing in India. This is despite the fact that most of security breaches are still unreported due to lack of strong legislative framework of responding to cybersecurity incidents and security breach reporting requirements in the country,” Basawaraj Vastrad, Head of Tech & Support at BD Software Distribution, the Country Partner for Bitdefender in India says.
In 2015, according to PWC, the average number of information security incidents detected by respondents increased by 117 per cent over the previous year, up from 2,895 in 2014 to 6,284 in 2015. This is compared to just 39 per cent increase in incidents of cybersecurity breach globally during the same period.
The lack of incentive to disclose incidents for both public and private companies in India, unclear liability norms not only make it difficult or nearly impossible to analyze the scale of security breaches taking place in the public sector. It also undermines the role that transparency of breach disclosures could play in developing better cyber threat intelligence, ensuring better cybersecurity practices are adopted in public sectors organizations and overall mitigating the costs of current and future attacks.
“The recent move by RBI which issued a very detailed mandate for banks to implement internal cybersecurity frameworks and report unusual cyber-security incidents, whether they were successful or not, is a welcome move which should be extended to all public sector organizations, agencies and initiatives dealing with critical infrastructure and, most importantly, sensitive data,” Basawaraj Vastrad says.
Public sector organizations and government agencies dealing with sensitive data should be aware of best available security technologies available in the market and implement advanced practices to ensure that information they handle, be it government’ data or citizens’ data, is well protected from cybercriminals.