Public institutions are increasingly networked and offer users predominantly digital services (online tax payments, online application for an ID card, etc.). However, at the same time, hackers and cybercriminals are given extensive opportunities to attack as the public sector is a very attractive target for a number of reasons.
Reasons for concern
The vast majority of public institutions processes the data of millions of French citizens every single day—patient files, bank details, addresses, identities, property.... Every day, IT technologies are increasingly making their presence felt in the collection and processing of citizens’ data. In tax authorities and social service alone, data that could compromise citizens if stolen are bundled together. For example, medical data can fetch anywhere between 50 and 250 dollars on the black market. Bank details, on the other hand, can be worth 50 dollars.
Another risk is that political institutions can fall victim to politically motivated, domestic or foreign computer hacks. In December 2018, hacktivists were suspected of launching DDoS attacks (shutting down a website due to the amount of traffic) against several institutions, including the URSSAF and Ministry of Justice. This kind of attacks doesn’t only result in financial losses, but can also severely impair the services provided.
These dangers posed to the public sector are made greater by the vulnerability of the organisations’ IT as these institutions rarely update their hardware. Budgets and state provisions must be complied with, which can lead to a much longer decision-making process, explaining why many terminal devices are practically obsolete and their cyber defences far from up-to-date.
Recommendations for efficient security
Efficient and comprehensive cybersecurity is a must in both the private and public sectors.
This involves having in place a foundation of basic security solutions such as firewalls and anti-virus protection. However, as public institutions are increasingly making use of in-house and external communication (e-mails...), they absolutely need e-mail security software so that messages infected with viruses can be detected before they reach the recipient.
Managing data is a huge challenge for the public sector and specific steps have to be taken to ensure protection. Solutions for encrypting data, shared information and e-mails are perfect solutions for these kinds of institutions.