Cutting the Cost of Public Sector Cybercrime in 2018

January 12, 2018

Sophisticated cyber threats against governments are increasing in frequency and severity, demanding heightened vigilance. In 2017, the White House published the Cybersecurity National Action Plan (CNAP) to address what the administration sees as weakness in cybersecurity preparedness within federal government, private sector business and among citizens. As we enter 2018, it’s important to understand the costs associated with cybercrime and to identify steps to reduce the financial impact of such attacks on government agencies.

Accenture recently collaborated with the Ponemon Institute to understand how cyber crime is impacting public and private sector industries, including government, and to explore the steps organization have taken in recent years to improve security effectiveness.

The Cost of Cyber Crime Study’ surveyed more than 2,000 security and IT professionals in 254 organizations worldwide and found that cyber attacks are not slowing down. Quite the contrary: The number of cyberattacks against government agencies is increasing, with public sector organizations experiencing 53 such attacks on average per week during 2017.

The study also found that the average cost of a successful public sector cyber breach rose from $6.77 million in 2016 to $8.2 million in 2017. For all organizations studied, web-based and malware attacks remain the most common, with each web-based attack costing the impacted organization an estimated $85,583 and each malware attack costing on average $6,500.

In 2017, state-sponsored actors and cybercriminals produced more viral variants of ransomware than ever before – setting a new bar for government cybersecurity teams. Ransomware such as WannaCry and the highly destructive Petya variant cost public sector organizations on average $83,597, an increase from $76,513 in 2016.

While the occurrence of cyberattacks is increasing, there are actions organizations can take to better protect themselves and reduce the number and impact of security breaches.

Get the Security Basics Right:

Significant breaches share three common traits:

They have long term financial effects.
Organizations have underestimated the value of their data.
They are the result of multiple points of failure.

Now more than ever, it is critical that organizations implement basic data-centric security measures. The first step is to identify the data or assets that are most critical to operations. Securing high-value assets makes it difficult and expensive for adversaries to achieve their goals, while limiting damage if they do gain access.

Having strong network security in place will also ensure that data is protected beyond “the four walls” of an organization, be it within the cloud or within external field operations. Additionally, organizations that monitor the behavior of users and applications limit an attacker’s maneuverability and enable a continuous response model, whereby an organization assumes it has been breached and uses incident response and threat hunting teams to look for the next attack.

An Organizational-Wide Cybersecurity Strategy

The high cost of cybercrime underscores the need for public sector organizations to strategically plan and closely monitor security investments. To keep pace with sophisticated and highly motivated attacks, organizations must adopt a dynamic, nimble security strategy that builds resilience from the inside out and aligns with business objectives.

Innovation is a key driver in developing sustainable strategies that can adapt to evolving organizational needs and deliver effective security measures at scale and across multiple locations.

Security also must be supported with dedicated budget and programs, as well as a clear leadership vision. To safeguard assets, government leaders must drive modern, proactive and agile strategies that can quickly identify and respond to digital security risks. Prioritization is another essential element of any security strategy. Once an agency has conducted a risk assessment, it can take steps to protect what’s most vulnerable and essential. Because breaches can happen at all levels of government, it’s also important for agencies to develop protocols that can be leveraged by federal, state and local officials.

How Innovative Technology Can Drive Resilience

By developing technology capabilities that enhance user experience and increase productivity, organizations not only increase digital uptake but also improve their ability to counter advanced security threats. New and disruptive technologies can help public-service organizations integrate cyber defenses deeply into their organizations and enable a comprehensive end-to-end approach to security. As a first step, agencies should conduct a thorough assessment of their cybersecurity capabilities, while "pressure-testing" their defenses to determine whether they can withstand a targeted attack. They should also assess and minimize their network exposure, focusing on protecting priority assets and identifying new areas for investment. Being ‘brilliant’ at these basics will make it incredibly difficult for attackers to succeed.

Our research indicated that security intelligence systems and advanced identity and access governance are the two most widely deployed security technologies among public sector organizations. Meanwhile, just more than half of public sector respondents (55 percent) said they were currently deploying security intelligence tools within their organization. Technologies such as cloud-based email analytics can also be used to identify and quarantine known threats, and artificial intelligence (AI) and biometrics must also play a part. AI can dramatically increase security in IT environments by using behavioral profiling to detect anomalies that may indicate a threat.

Ensure Strong Governance

Effective security requires strong leadership and cross-organizational support, as well as the proper governance measures. A Chief Information Security Officer (CISO) should have the authority to define and manage the organization’s security strategy and to communicate directly with all functional leads. Cross-operational governance controls can help leaders effectively measure results, assess the strategy, evolve the organization’s posture and realize the best use of resources. Where a CISO does not have the authority to set strategy or access leadership, governance and controls are less effective.

Organizations must also focus on accountability and nurture a cybersecurity-minded culture that measures and reports cybersecurity performance, develops attractive cybersecurity incentives for employees and creates a clear-cut cybersecurity chain of command. Leaders need to redefine cybersecurity success as more than simply achieving compliance targets. The right level of visibility and authority is critical to discovering and responding to threats in a timely manner.

Government agencies should approach cybersecurity with an organizational mindset -- one capable of continually evolving and adapting to new threats. State-of-the-art cybersecurity requires investments in innovation and training, as well as leadership buy-in and support. In today's connected world, government, citizens, employees and industry stakeholders must all be actively involved in preventing and fighting digital threats. Effective cybersecurity depends on all stakeholders working together to anticipate and respond to attacks – this will ensure our government agencies deliver on their missions to protect citizens and deliver citizen services.

Ger Daly is senior managing director for Accenture Defense and Public Safety with global responsibility for defense, policing, and border and identity business services. He leads a team of dedicated professionals who assist government and public service organizations that manage the cross-border movement of people, provide national and international security and manage criminal justice systems. Daly’s defense industry experience spans large-scale enterprise resource planning programs (ERP), supply chain logistics and a range of technology programs that include cloud, data analytics, predictive analytics, and mobility services.He joined Accenture in 1988 and holds a Bachelor of Electrical and Electronic Engineering from University College Cork in Ireland. He lives in Dublin.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Cutting the Cost of Public Sector Cybercrime in 2018

Get the Security Basics Right:

An Organizational-Wide Cybersecurity Strategy

How Innovative Technology Can Drive Resilience

Ensure Strong Governance

Related Articles

Related Products

Report Abusive Comment