One insight stands out among the many contained in Verizon's 2023 Data Breach Investigations Report.
Out of more than 16,000 incident investigations spanning two dozen industries, Public Administration organizations suffered the highest number of individual incidents. Verizon's researchers recorded and analyzed 3,270 incidents in this sector.
That means roughly 20% of all reported security incidents occurred at government agencies. This sector also saw the highest total number of confirmed data breaches.
This may come as a surprise to anyone who gets their security industry information from news headlines and expert publications. Other than a few high-profile attacks on national government entities, public administration gets very little attention.
That doesn't mean these attacks go unreported, however. It's just that many victims are small, local government agencies. They simply don't attract the kind of media attention that attacks against huge organizations can.
But they add up. Cybercriminals are increasingly targeting regional and municipal government agencies, focusing on organizations that are too small to implement enterprise-level internal security processes.
North Kingstown, Rhode Island is home to 27,000 residents. When ransomware attackers targeted the town's municipal computer network in May 2023, it responded by activating its cybersecurity protocol.
This protocol included a technical incident response playbook and a cybersecurity insurance policy that covered the cost of engaging third-party partners to conduct a forensic investigation. The town's security partners determined that no payroll or personal data had been compromised.
North Kingstown's reliance on third-party partnerships demonstrates the key difference between securing a local government agency and a major national organization.
Large government organizations can afford to hire, train, and retain a full team of cybersecurity professionals capable of providing 24/7 detection and response coverage. Small, local government agencies often don't have the resources to compete.
Cybercriminals know this. They also know that US public records law requires government agencies to publish their annual expenditures. With a little bit of effort, threat actors can find out which government agencies have contracts with security and IT vendors and which ones do not.
Local government organizations can't build their own enterprise-scale security operations centers, yet they must adopt an enterprise-level security posture against a wide variety of threats.
According to Verizon's data breach report, stolen credentials are involved in nearly half of all data breaches.
This is a problem for government organizations that store and transmit enormous volumes of sensitive data. Perimeter-focused security controls struggle to detect malicious insiders or credential-based attacks because the attackers aren't breaking into the network by technical means. They are abusing the trust that organizations grant to authorized, validated users, so every action they take looks like a legitimate login.
Technologies like User and Entity Behavior Analytics (UEBA) reduce this risk by continuously monitoring how individual users and assets interact on government networks. UEBA can detect malicious insiders and credential-based attacks that signature-based tools overlook, because it looks at who is acting and how, not only at what the traffic contains.
UEBA-powered platforms like Exabeam achieve this by learning a behavioral baseline for each authorized user and asset (the hosts, hours, locations, and resources it normally uses) and assigning each a dynamic risk score based on how far current activity deviates from that baseline. When a user strays too far from their established routine, the platform raises an alert. Riskier deviations produce higher-severity alerts, allowing security analysts to investigate the highest-priority threats first.
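To make the baseline-and-deviation idea concrete, here is an added illustration written for this article; it is not Exabeam's scoring logic or any vendor's code. It builds a per-user profile from a handful of constructed login events (the hosts, countries, resources, and hours each account has been seen with), scores new events by how many of those attributes are out of profile, and ranks the results so the highest risk lands at the top of the analyst queue. The weights, the two-hour login-window tolerance, the severity thresholds, and the handling of an account with no history are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events for illustration only; not real telemetry.
# Fields: user, ISO timestamp, source host, geolocated country, resource touched.
HISTORY = [
    ("jdoe", "2023-05-01T08:12:00", "WS-101", "US", "payroll-db"),
    ("jdoe", "2023-05-02T08:45:00", "WS-101", "US", "payroll-db"),
    ("jdoe", "2023-05-03T09:05:00", "WS-101", "US", "fileshare"),
    ("jdoe", "2023-05-04T08:30:00", "WS-101", "US", "payroll-db"),
    ("mlee", "2023-05-01T13:10:00", "WS-207", "US", "fileshare"),
    ("mlee", "2023-05-02T14:40:00", "WS-207", "US", "fileshare"),
    ("mlee", "2023-05-03T12:55:00", "WS-212", "US", "fileshare"),
    ("mlee", "2023-05-04T15:20:00", "WS-207", "US", "gis-portal"),
]

NEW_EVENTS = [
    ("jdoe", "2023-05-08T08:20:00", "WS-101", "US", "payroll-db"),  # routine
    ("mlee", "2023-05-08T02:15:00", "VPN-GW", "RO", "payroll-db"),  # looks like a stolen credential in use
    ("jdoe", "2023-05-08T18:30:00", "WS-101", "US", "fileshare"),   # same desk, just working late
]

# Assumed weights: how much each out-of-profile attribute adds to the event's risk score.
WEIGHTS = {
    "new country": 40,   # geolocation never seen for this user
    "new resource": 25,  # resource the user has never touched before
    "new host": 20,      # source host never seen for this user
    "off-hours": 15,     # outside the user's usual login window
}
HOUR_SLACK = 2  # assumed tolerance, in hours, either side of the observed login window


def build_baseline(events):
    """Per-user profile of hosts, countries, resources and login hours seen in history."""
    base = defaultdict(lambda: {"hosts": set(), "countries": set(), "resources": set(), "hours": set()})
    for user, ts, host, country, resource in events:
        profile = base[user]
        profile["hosts"].add(host)
        profile["countries"].add(country)
        profile["resources"].add(resource)
        profile["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(base)


def score_event(baseline, event):
    """Return (score, reasons) for one event measured against the user's baseline."""
    user, ts, host, country, resource = event
    if user not in baseline:
        # Never-seen account: nothing to compare against, so flag it for review (assumed policy).
        return 30, ["no baseline for user"]
    profile = baseline[user]
    reasons = []
    if country not in profile["countries"]:
        reasons.append("new country")
    if resource not in profile["resources"]:
        reasons.append("new resource")
    if host not in profile["hosts"]:
        reasons.append("new host")
    hour = datetime.fromisoformat(ts).hour
    earliest, latest = min(profile["hours"]), max(profile["hours"])
    if not (earliest - HOUR_SLACK <= hour <= latest + HOUR_SLACK):
        reasons.append("off-hours")
    return sum(WEIGHTS[r] for r in reasons), reasons


def severity(score):
    """Map a numeric risk score to an alert severity (assumed thresholds)."""
    if score >= 60:
        return "high"
    if score >= 30:
        return "medium"
    if score > 0:
        return "low"
    return "none"


def triage(history, new_events):
    """Score every new event against the learned baseline and rank highest risk first."""
    baseline = build_baseline(history)
    findings = []
    for event in new_events:
        score, reasons = score_event(baseline, event)
        findings.append({
            "user": event[0],
            "time": event[1],
            "score": score,
            "severity": severity(score),
            "reasons": reasons,
        })
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage(HISTORY, NEW_EVENTS):
        detail = ", ".join(f["reasons"]) or "within baseline"
        print(f"{f['severity']:6} {f['score']:3} {f['user']:5} {f['time']} {detail}")
```

Run as written, the 02:15 VPN login from a new country to a resource mlee has never touched scores 100 and is ranked first as a high-severity alert, while jdoe's late-evening session from the usual workstation scores only 15 and stays at the bottom of the queue. No single attribute is conclusive on its own; it is the combination of deviations, weighted and summed, that separates a likely credential compromise from an employee working late.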
Advanced security technology is just one part of the security puzzle that public administrators must address. To make the most of these technologies, government agencies must configure them to address their own unique risk profile, since a baseline learned for a 24/7 emergency dispatch center will look nothing like one learned for a tax assessor's office. This means entrusting security implementation and deployment to reliable partners with demonstrated product expertise.
This amplifies the protection that these security platforms can offer. Instead of accepting subpar performance from a plug-and-play security deployment, local government organizations can run highly customized information security platforms configured to meet their specific needs.
Ready to learn more? Keep reading Part 2 of this article.
Lumifi combines deep product expertise and years of experience creating custom rules and incident response playbooks to provide local and state government agencies with highly customized enterprise-level security solutions. Government agencies that rely on industry experts to configure, deploy, and run their security operations are better prepared to address a wide variety of attacks and security incidents.
Lumifi is a managed detection and response vendor that provides government agencies with unlimited visibility into their security processes.
Schedule a demo to find out how we can help secure your organization against malicious insiders and credential-based attacks.