A spate of cyberattacks across Europe has heightened concerns that public sector targets are at risk.
In the last week alone, hackers have breached the Danish train network Report , cybercriminals targeting European ministers and Commercial Spyware Spying on Greek Politicians. While the various methods, objectives, and motives suggest that the attacks were isolated incidents, they further exposed the vulnerability of government targets.
Attacks form part of a growing trend. Serious cybersecurity concerns at EU institutions have reportedly increased more than tenfold between 2018 and 2021 . Oliver Pinson-Roxburgh, CEO, Cyber Security PlatformsDefense.com, views recent events as part of a broader pattern. “This is because they can hold more sensitive data than commercial organizations and often rely more heavily on outdated legacy systems that pose a much greater risk to security than modern systems. “
The government can be an easier target.
Last week, ENISA the European Union’s cybersecurity agency reported that 24 % of cyberattacks in the past year of the study targeted public administrations and governments. Attacks ranged from zero-day exploits of software vulnerabilities to AI-enabled disinformation attacks.
Ian McShane, Vice President of Strategy, Internet Corporation Arctic Wolf, on the various issues exposed in the report
“While ransomware remains a major risk to European governments and businesses, ENISA found widespread The threat shows just how difficult it is. Challenges remain for stressed security teams across businesses across Europe,” he said.
Evolving threats in an ever-changing world
Global events intensify Risks. Most notably, the pandemic accelerated our transition to digital public services, while the invasion of Ukraine exacerbated the threat of cyber espionage.
“ Risk has not changed. It’s getting worse,” Jason Steer, CISO Recorded Future Say, a threat intelligence firm. So where the attack surface grows substantially, so does the opportunity for cybercriminals.”
Research shows that COVID-19 has accelerated digital adoption for several years. Image source: CNJ
public sector also Can provide tempting targets for attacks. The government has long been accused of underinvesting in defense while it pays cybersecurity jobs that cannot compete with those in the private sector.
“Government can be seen as an easier target than the private sector, as businesses have invested heavily in security in recent years, “ Chief Technical Security Office Paul Baird said) Qualys and Chartered Information Fellow of the Security Society .
“When the private sector invests so much money, it has picked up a lot of low hanging fruit malware gangs, so They are looking for other targets.”
The sheer size of the public sector and various outdated technologies add even more vulnerabilities. These The combination of systems and modern IT has left behind a large number of digital assets that are difficult to understand and protect.
Dr. Ilia Kolochenko, founder of security company ImmuniWeb and members of the Europol Network of Data Protection Experts , noting that the A range of shadow IT and non-interoperable legacy systems are difficult to secure.
“An increasing number of infected and backdoored government systems are now available for sale on the dark web, occasionally Gang buying is used as a proxy for elaborate cyber attacks that are difficult to investigate and attribute,” he said.
How is Europe fighting cyber threats?
Experts call for more funding to mitigate attacks. They also want public sector organizations to develop more systematic defense plans, proactively seek out threats, and work more closely with businesses .
McShane recommends a three-pronged approach for public sector organizations. First, adopt a solution that eases the burden on the security team. Second, work with outside professionals to improve security. Finally, build on existing information-sharing agreements between governments – such as the EU Cyber Rapid Response Team – and coordinate resources.
Governments need to protect their data.
The range of attack vectors is increasing Large, also require specific forms of defense. Zac Warren, Principal Security Consultant at Endpoint Management Company Tanium, wants Data protection becomes a top priority. This is especially important when it comes to national security issues, such as information for military applications.
“Governments need to quickly assess their capabilities to protect their data,” he said. “They need early warning systems to quickly understand if their IT environment has been compromised — and the ability to monitor and control any bad actors that do get into the system to make sure they don’t steal data. I expect the cyber aspect of the conflict to intensify, The impact will go far beyond Ukraine.”
According to Former British Prime Minister Liz Truss’ phone was reportedly hacked by suspected Russian agents . Image source: UK Government
Meanwhile, the attack on a Danish train operator further highlights the risks posed by complex supply chains. The incident occurred after another supply chain attack caused severe disruption Service throughout the UK National Health Service for several months.
Pinson-Roxburgh warns that the growing complexity of IT supply chains is increasing potential vulnerabilities.
“When vetting potential suppliers, procurement teams—particularly those in larger organizations—will now Due diligence is seen as an essential component,” he said. “Enterprises should think carefully before using any vendor that does not follow cyber best practices and potentially exposes the enterprise to new vulnerabilities.”
Analysts also point to the need for better education. This seems especially urgent for European politicians who are now often hacked . The stigma created by these attacks will hopefully persuade more lawmakers to step up their defenses.
