Private companies aren’t the only target for cyber criminals. As we’ve seen in the past with attacks to major public infrastructure, such as the Colonial Pipeline in the US in May 2021, and public services, like the Wannacry attack on the NHS in 2017, threat actors are not afraid to target governments.
A reason for this is because they are often considered ‘soft targets.’ Governments – national and local – are highly bureaucratic which makes them very slow moving. Not only do they need to comply with different policies, but they also need to consider the politics of any decisions they make. This can hamper preparations around cyber security and make them slow to respond when an incident occurs.
The public sector also has tighter budgets than most large private companies. And because of the many different costs they need to balance to keep the country, state or city running, it’s not unusual that cyber security gets pushed down the list of priorities. In the current economic climate, these budgets are likely to get even tighter.
Preparation is crucial for the public sector
However, cyber attacks on the public sector can cause major havoc, arguably more than when private companies are hit. If a power grid is targeted, then this has a knock-on effect on hospitals, transport and individuals who need light and electricity. Or if the government payments system is hit, then welfare payments (such as pensions or disability allowances) will go unpaid to those who really need them.
As a result, governments need to invest in their cyber security systems and processes. Here are a few things they should consider:
- Have a dedicated national cybersecurity agency
- Recruit specialist cyber security professionals from outside of the public sector
- Build a culture of cyber preparedness that also includes training employees of the risks and challenges to look out for
- Implement a national incident response and recovery plan and a critical infrastructure protection programme
- Collaborate with the private sector and learn best practices from other industries
- Increase international cooperation