PandaLabs, Panda Security’s anti-malware laboratory, have released a whitepaper on “Privacy in Public Administration”; detailing numerous cyber-attacks impacting government organizations and what legislation is being put in place to help solve the issue.
Theft and misuse of data
The use of information and communication technologies in general, and specifically online government services, are key factors in the way the public sector is changing. Technological advances have made it possible to store personal data in digital format, a great benefit to users, but also a highly-prized target for cyber-criminals.
The healthcare sector alone, saw 184 total breaches between January and March 2016, and as the NHS handles some of the most personal and sensitive data, breaches can cause those included a huge number of problems and distress.
New crimes including cyber-terrorism, cyber-espionage and hacktivism are on the rise. The secret phase of the cyber-war against Iran began during the last decade with espionage carried out by the US and Israeli intelligence services.
With just three months to go before the US elections, the FBI has confirmed the hacking of at least two electoral databases by foreign hackers who have extracted voter information from at least one of them. This is just one of the latest recorded cases of hacktivism.
The solution for adapting to the change
The emergence of new players from different backgrounds and with varying motivations combined with their ability to act in any security dimension, hinders the identification of aggressors and decreases the ability of countries to adequately respond. Current legislation is not adapted to the new cyber-crime dynamic or to new technological or data management demands.
To prevent new attacks on public agencies, a common regulatory and legislative framework is needed, with responsibilities shared between states. One such example is the new regulatory data protection framework passed in the EU in 2016.Of course much of the UKs inclusion within European legislation depends on exactly what the government decide Brexit means.
For public bodies, success in ensuring cyber-security lies with meeting certain requirements:
· Having real-time information about incidents and security holes related to data security.
· Compliance with Article 35 of the “General Data Protection Regulation” on data protection impact assessment.
· Reporting all possible transfers of data files to foreign countries.
· Safeguarding delegation to other processors, i.e. deleting of data, meeting reporting and notification requirements, and the maintenance of file transfer activities.
To this effect, the implementation of advanced technologies such as Adaptive Defense , as a complement to traditional antivirus solutions, enables compliance with these, since Adaptive Defense offers guaranteed security against threats and advanced targeted attacks.