Let's get started.
Choose your country to view contact details.
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.
You will soon receive an email with a link to confirm your access, or follow the link below.
You may now close this message and continue to your article.
Frequency | 3,273 incidents, 584 with confirmed data disclosure | |
Top patterns | System Intrusion, Lost and Stolen Assets, and Social Engineering represent 76% of breaches | |
Threat actors | External (85%), Internal (30%), Multiple (16%) (breaches) | |
Actor motives | Financial (68%), Espionage (30%), Ideology (2%) (breaches) | |
Data compromised | Personal (38%), Other (35%), Credentials (33%), Internal (32%) (breaches) | |
What is the same? | This sector continues to be targeted by Financially motivated external threat actors as well as spying nation-states that are interested in what their rivals are doing. Personal data remains the most often stolen data type. | |
Resumen | This sector continues to make top scores in Espionage-motivated breaches. It is also rich in multiple actor breaches. External and Partner or Internal actors working together to steal data is not the kind of international cooperation we want to see fostered. |
Whether data is stolen by stealthy “weather research” balloons (death stars) floating overhead or by more conventional methods such as phishing, external threat actors are diligently gaining access to data in the public sector. Mind you, when we created VERIS to allow us to categorize breaches, we didn’t expect to see it applied to UFOs being shot out of the sky. But, until it becomes a trend, we will simply tag it as Physical - Other and call it a day for now
The System Intrusion pattern remains high in this sector. Some intrusions are stuff that movies are made of—complex attacks against a challenging target, where the stakes are high for entire economic systems.50 We did see an increase in the Espionage-motivated actors in this pattern this year. In fact, this sector is one where the Espionage-motivated actor is consistently among the highest.
Within the System Intrusion pattern, we saw a slight decrease in Ransomware as a tactic. This doesn’t mean you should ignore it, however, as it remains a favored method of disrupting government workings while generating income for the adversaries.
While it is possible to reach their goals by themselves, these actors are not opposed to recruiting help from within the organization. We see evidence of collusion (multiple actors working in concert) in 16% of Public Administration breaches this year. That is significant, given that we didn’t see multiple Actor breaches the past two years in this sector, and in 2020’s report, it was only at 2%.
This brings us to the point that internal actor Misuse continues to be a consistent problem in this sector. While prevalent, it is not increasing, so that is at least some good news. In fact, Misuse peaked in 2019 (of the past five years) and has decreased somewhat since then. However, the pairing of the unhappy employee with a motivated external adversary shows the continued need for detective controls. If you can catch this kind of Internal actor-facilitated attack in its early stages, you can mitigate the damage significantly.
We see evidence of collusion (multiple actors working in concert) in 16% of Public Administration breaches this year. That is significant, given that we didn’t see multiple Actor breaches the past two years in this sector, and in 2020’s report, it was only at 2%.
50 There are explosions and car chases in there too, we’re sure of it.
Choose your country to view contact details.
Existing customers, sign in to your business account or explore other support options.