Cutting the Cost of Public Sector Cybercrime in 2018
Sophisticated cyber threats against governments are increasing in frequency and severity, demanding heightened vigilance. In 2017, the White House published the Cybersecurity National Action Plan (CNAP) to address what the administration sees as weakness in cybersecurity preparedness within the federal government, in private sector business and among citizens. As we enter 2018, it’s important to understand the costs associated with cybercrime and to identify steps to reduce the financial impact of such attacks on government agencies.
Accenture recently collaborated with the Ponemon Institute to understand how cybercrime is impacting public and private sector industries, including government, and to explore the steps organizations have taken in recent years to improve security effectiveness.
The ‘Cost of Cyber Crime Study’ surveyed more than 2,000 security and IT professionals in 254 organizations worldwide and found that cyberattacks are not slowing down. Quite the contrary: the number of cyberattacks against government agencies is increasing, with public sector organizations experiencing 53 such attacks on average per week during 2017.
The study also found that the average cost of a successful public sector cyber breach rose from $6.77 million in 2016 to $8.2 million in 2017. For all organizations studied, web-based and malware attacks remain the most common, with each web-based attack costing the impacted organization an estimated $85,583 and each malware attack costing on average $6,500.
In 2017, state-sponsored actors and cybercriminals produced more viral variants of ransomware than ever before – setting a new bar for government cybersecurity teams. Ransomware such as WannaCry and the highly destructive Petya variant cost public sector organizations on average $83,597, an increase from $76,513 in 2016.
While the occurrence of cyberattacks is increasing, there are actions organizations can take to better protect themselves and reduce the number and impact of security breaches.
Get the Security Basics Right:
Significant breaches share three common traits:
- They have long-term financial effects.
- Organizations have underestimated the value of their data.
- They are the result of multiple points of failure.
Now more than ever, it is critical that organizations implement basic data-centric security measures. The first step is to identify the data or assets that are most critical to operations. Securing high-value assets makes it difficult and expensive for adversaries to achieve their goals, while limiting damage if they do gain access.
Having strong network security in place will also ensure that data is protected beyond “the four walls” of an organization, be it within the cloud or within external field operations. Additionally, organizations that monitor the behavior of users and applications limit an attacker’s maneuverability and enable a continuous response model, whereby an organization assumes it has been breached and uses incident response and threat hunting teams to look for the next attack.
An Organization-Wide Cybersecurity Strategy
The high cost of cybercrime underscores the need for public sector organizations to strategically plan and closely monitor security investments. To keep pace with sophisticated and highly motivated attacks, organizations must adopt a dynamic, nimble security strategy that builds resilience from the inside out and aligns with business objectives.
Innovation is a key driver in developing sustainable strategies that can adapt to evolving organizational needs and deliver effective security measures at scale and across multiple locations.
Security also must be supported with dedicated budget and programs, as well as a clear leadership vision. To safeguard assets, government leaders must drive modern, proactive and agile strategies that can quickly identify and respond to digital security risks. Prioritization is another essential element of any security strategy. Once an agency has conducted a risk assessment, it can take steps to protect what’s most vulnerable and essential. Because breaches can happen at all levels of government, it’s also important for agencies to develop protocols that can be leveraged by federal, state and local officials.
How Innovative Technology Can Drive Resilience
By developing technology capabilities that enhance user experience and increase productivity, organizations not only increase digital uptake but also improve their ability to counter advanced security threats. New and disruptive technologies can help public-service organizations integrate cyber defenses deeply into their organizations and enable a comprehensive end-to-end approach to security. As a first step, agencies should conduct a thorough assessment of their cybersecurity capabilities, while "pressure-testing" their defenses to determine whether they can withstand a targeted attack. They should also assess and minimize their network exposure, focusing on protecting priority assets and identifying new areas for investment. Being ‘brilliant’ at these basics will make it incredibly difficult for attackers to succeed.
Our research indicated that security intelligence systems and advanced identity and access governance are the two most widely deployed security technologies among public sector organizations. Meanwhile, just more than half of public sector respondents (55 percent) said they were currently deploying security intelligence tools within their organization. Technologies such as cloud-based email analytics can also be used to identify and quarantine known threats, and artificial intelligence (AI) and biometrics must also play a part. AI can dramatically increase security in IT environments by using behavioral profiling to detect anomalies that may indicate a threat.
Ensure Strong Governance
Effective security requires strong leadership and cross-organizational support, as well as the proper governance measures. A Chief Information Security Officer (CISO) should have the authority to define and manage the organization’s security strategy and to communicate directly with all functional leads. Cross-operational governance controls can help leaders effectively measure results, assess the strategy, evolve the organization’s posture and realize the best use of resources. Where a CISO does not have the authority to set strategy or access leadership, governance and controls are less effective.
Organizations must also focus on accountability and nurture a cybersecurity-minded culture that measures and reports cybersecurity performance, develops attractive cybersecurity incentives for employees and creates a clear-cut cybersecurity chain of command. Leaders need to redefine cybersecurity success as more than simply achieving compliance targets. The right level of visibility and authority is critical to discovering and responding to threats in a timely manner.
Government agencies should approach cybersecurity with an organizational mindset -- one capable of continually evolving and adapting to new threats. State-of-the-art cybersecurity requires investments in innovation and training, as well as leadership buy-in and support. In today's connected world, government, citizens, employees and industry stakeholders must all be actively involved in preventing and fighting digital threats. Effective cybersecurity depends on all stakeholders working together to anticipate and respond to attacks – this will ensure our government agencies deliver on their missions to protect citizens and deliver citizen services.