Public sector organizations hold vast secrets.
In addition to classified military and government information, they are entrusted with their citizens’ most sensitive data, from bank account numbers to medical records. If this includes your data, you don’t need a cybersecurity expert to tell you the importance of keeping it safe.
You might not have known how vulnerable these public confidants are, particularly to ransomware and phishing, due to limited cybersecurity resources and the need to maintain legacy systems. Like so many private enterprises, their security teams are often simply stretched thin.
It’s the escalation of attacks that concerns us most. The ITRC reported a record number of cyberattacks worldwide in 2023, beating the previous record by 72%. This matches our own experience with clients and in Eviden’s security operations centers. Attacks continue to increase both in number and in sophistication as more organizations use cloud services, and bad actors take advantage of better technologies like AI.
Our clients are equally concerned by the growing financial hit, with an average cost exceeding several millions dollars, as highlighted in a public survey by Statista and reflected in our own data.
But the public sector has much more than money at stake. It urgently needs the next level of cybersecurity just to maintain public confidence and national security, and the next, next level to actually improve them.
Guarding the gates: a snapshot of high-profile breaches
The following high-profile breaches over the last four years have underscored the risks faced by public sector organizations; even the largest ones, which take great care of their security:
2024
- February-March: Data breach at French unemployment agency France Travail compromises 20 years of registrants’ data
- May: Breach of UK Ministry of Defence payroll system exposes unknown amount of military personnel data
- June: Cyberattack on German CDU political party takes months to overcome, jeopardizing 2025 federal election
- August: US government confirms Trump presidential campaign was breached by Iranian hackers
These recent cases add to significant outages in the U.S. that compromised critical infrastructure and national security:
2021
- May: Colonial Pipeline attack shuts down major US East Coast fuel pipeline for five days, causing gasoline, diesel fuel and jet fuel shortages
2020
- March-June: SolarWinds breach exposes more than 100 companies and 12 US government agencies to Russian state-sponsored espionage
These examples show that even the largest organizations, with the strongest cyber defense teams, can be victims of significant breaches. Imagine the risk faced by smaller public organizations, which do not possess the same level of protection!
How can cybersecurity measures be enhanced? Three golden rules
In April, our team participated in Locked Shields 2024, considered the most technically advanced live-fire cyber defense exercise in the world. Organized by the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE), Locked Shields has been challenging countries to strengthen their cybersecurity capabilities for 14 years. This year, Eviden’s DFIR team from Poland competed on the Finland-Poland team that won second place. From this amazing experience, we gained first-hand insight into three golden rules to fortify digital defenses and increase cyber resilience in an intricate and complex cyber landscape.
Takeaways from Locked Shields 2024: three golden rules
- Preserving trust: chain of custody vital to cybersecurity
In cybersecurity, the chain-of-custody concept refers to meticulous documentation and handling of incident data from the point of collection to its final disposition. Maintaining a clear chain of custody ensures that all evidence related to a breach is preserved accurately and can be used effectively in any subsequent investigations or legal proceedings. For example, when a ministry’s database is compromised, every step — from initial detection of the breach to analysis of the impacted data — must be documented extensively. This process ensures that the evidence remains untampered with and reliable. - Securing the chain: evidence preservation critical to cyber breach response
Evidence preservation goes hand in hand with maintaining a chain of custody. When a breach occurs, the immediate priority should be to preserve all potential evidence. This includes logs, access records and any related digital footprints.For instance, in 2021, a data breach at a major European health service exposed millions of patient records. The swift action to preserve server logs and access records was crucial in identifying the breach’s source and preventing further unauthorized access. Effective evidence preservation allows organizations to understand the breach’s scope and impact, thereby facilitating a more effective response. - Keeping classified data safe in the public sector: a matter of national security
Public sector breaches often involve classified information, which can have severe national security implications.For example, in 2020, a cyberattack on a national defense ministry led to the exposure of classified military documents. The breach not only jeopardized national security but also highlighted the critical need for enhanced cybersecurity measures within government entities. Protecting classified information requires robust encryption, stringent access controls, and continuous monitoring to detect and respond to threats promptly.
Applying these three golden rules is increasingly essential as the frequency and severity of cyberattacks targeting public sector entities escalate. Breaches not only jeopardize national security and public trust but also incur substantial financial costs and operational disruptions.
The role of DFIR and AI-powered security solutions
In this context, increased focus on digital forensics and incident response (DFIR) expertise is paramount. Today’s dynamic threat landscape also demands next-generation AI-powered managed detection and response (MDR), a pivotal cybersecurity evolution. For example, Eviden’s new AISAAC Cyber–Mesh is an AI-powered MDR solution that identifies risks up to 90% faster than traditional methods. This swift response capability not only minimizes the impact of attacks but also enhances overall security posture by providing proactive defense measures. Proactive DFIR and MDR security will be more vital than ever for cyber-resilience in the rapidly evolving, highly exposed threat landscape of public services.
For more information
- Discover Eviden security solutions for public services
- Explore how DFIR services can improve organizational security and resilience against cyber threats
- Download our ebook: Cyber Resilience in the Age of AI
- Subscribe to our Digital Security Magazine
- Want to know more? Ask for a personalized meeting with our public services security experts.