Why do government officials and agencies keep getting cyberattacked?

According to the CloudSEK report, data breach, access, and hacktivism (broadly defined as hacking for political or association purposes) are the top three motivations for attacks against government departments, accounting for 62.7%, 13.5%, and 8.8% respectively.

Government agencies and organizations collect and store large amounts of data, including sensitive and confidential information and a great deal of citizens' personal information. Because this data is both large in volume and genuine, hackers steal it and post it on the dark web to sell at high prices for huge profits. According to an IBM report, the average total cost of a breach in the public sector, such as the government, increased from $1.93 million to $2.07 million, an increase of 7.25 percent.

In addition, if national security and military data or systems are involved, agencies must be wary of the risk that they will be used by terrorist organizations or hostile forces for espionage.

Tense geopolitical situations also frequently give rise to hacktivist cyber attacks. Since the outbreak of the Russia-Ukraine conflict on Feb. 24, 2022, cyber attacks between the two countries have become more frequent. The Russian-backed APT group Primitive Bear has been targeting Ukrainian organizations since 2013, including the Ukrainian government, military and law enforcement, and has organized numerous cyber operations before and after the conflict.

The geopolitical situations between India and Pakistan, and between Iran and Israel, have also been chronically tense, with cyber attacks occurring between the countries in each pair on an ongoing basis. In June 2022, Pakistan's Dawn newspaper alleged that an India-based hacking group targeted Pakistani politicians, military officials and diplomats, tapping their devices to facilitate intelligence work.

According to a report by cybersecurity firm Sophos, local governments are often targeted because their weak defenses, limited IT budgets and IT staff, aging computer systems and outdated code make them easy for hackers to breach. Compared to private organizations, government IT departments are often overwhelmed, making it easier for hackers to break in and install ransomware. And while larger government departments have more stringent cybersecurity defenses, their attraction to hackers lies in their lucrative departmental and public funding.

What can government agencies do to defend against cyber attacks?

Government agencies and organizations need to improve their cybersecurity capabilities, develop strong detection, response, reconnaissance and recovery capabilities, gain a clear understanding of the full flow of their data and of their IT infrastructure, and enable access controls to ensure that data and critical infrastructure are protected from threat actors.

The exponential growth in the number of cyberattacks means that governments need not only to defend against cyberattacks but also to shift to a zero-trust model, in which they proactively verify the authenticity of user activity by assuming in advance that the user's identity may have been stolen or the network itself compromised. Governments should constantly monitor the dark web and known threat actors for their latest tactics, techniques and procedures (TTPs) and take steps to pre-empt attacks, as well as proactively monitor infrastructure, network vulnerabilities and suspicious behavior. In addition to traditional penetration testing, governments should also focus on vulnerability bounty programs and vulnerability disclosure programs.