Check Point Research shows global trend towards lucrative public sector targets




There’s nothing quite like a global pandemic with legally enforceable lockdowns to expose the public sector’s dependence on outdated digital infrastructure. While the devastating SolarWinds “sunburst” attack made headlines in 2020 for its impact on private corporations like Cisco, Microsoft and thousands of customer organisations, there’s a good chance much of it was collateral damage in pursuit of an increasingly lucrative target: the public sector.

The SolarWinds cyber-attack, which went undetected for months, also impacted NATO, the UK government, the European Parliament and even the US Treasury – all public sector entities wielding great power and extremely sensitive data.

While the pace of transformation may vary from country to country, the public sector as a whole is gradually becoming more digitally mature. However, the wheels of government have a reputation for turning slowly. Many public-owned organisations are overstretched and under-resourced, particularly when it comes to matters of cybersecurity, and bad actors are taking note.

Check Point’s 2021 Mid-Year Cyber Attack Trends Report highlights just how prevalent attacks on public sector organisations have become during the pandemic. Globally, government organisations are now one of the most popular targets for bad actors, second only to those in the education and research sectors. Many of the attacks behind the 93% increase in global cyber-attacks reported by Check Point from 2020-21 are being orchestrated against public-owned entities, but why?

Public sector now regarded as a high-value target by bad actors

The public sector might serve up easier targets than the private sector due to outdated technology, poor funding, inadequate training or a combination of the three, but is it lucrative enough to attract cybercriminal organisations?

Data has value. It can therefore be extorted or sold on for profit. If a group of bad actors was to steal thousands of people’s credit card details by hacking into a private organisation such as a bank or online retailer, they’d fetch around $20 per record if auctioned off on the dark web.

If, however, the same group were to attack an NHS trust in the UK and steal individuals’ medical information, their potential profit would soar and net them more than $480 per record. And that’s not even taking into account the amount they could extort from the targeted trusts themselves. This isn’t helped by the fact that public sector organisations are often comprised of siloed data behemoths, so if a malicious actor is able to exploit a gap in their defenses, the “payouts” are often huge.

The sector needs to think more carefully about resourcing

Unlike in the commercial world, public sector organisations aren’t profit-driven and can’t easily justify the increased IT spend as a mere preventative measure. A year after the infamous WannaCry attack in the UK, which held NHS computers to ransom, the government agreed a $207 million deal with Microsoft to equip all NHS computers with the latest Windows 10 operating system and ensure that all security settings were up to date.

This is all well and good, but it took a catastrophic breach that put individuals’ medical records at risk to get budget approval. The public sector is, almost by definition, reactive instead of proactive when it comes to digital transformation. It’s there to serve, not to profit, and this leaves it vulnerable by default.

Part of that vulnerability is no doubt due to loss of control through third-party outsourcing. On the face of it, the cyber capabilities of the public sector and its employees are stronger than some of these incidents might suggest. To run with the UK as an example, the government’s own annual report says the public sector is actually surprisingly confident when it comes to performing advanced cybersecurity tasks.

While a quarter of all businesses say they aren’t confident when it comes to penetration testing, for instance, more than 80% of public sector organisations are more than confident in their testing abilities. Similarly, one in ten of all businesses say they lack confidence when it comes to user monitoring, but no public sector organisations report any such issue.

It’s only when we read further into the report that we start to see the real problems emerge. A quarter of public sector organisations have just one staff member responsible for cybersecurity, and the percentage of public sector organisations outsourcing basic security functions such as firewalls, user privileges and backing up data far outweighs that of the private sector.

More than 95% of all public sector organisations outsource their firewall configurations to a third party; more than 80% rely exclusively on third parties when it comes to incident response and recovery and almost half (48%) outsource the control of internal user admin rights which, unless they have a very close relationship with their third-party IT partner, could have devastating security repercussions. So while the public sector might be confident in its cyber capabilities, that confidence might be ill-placed.

Good money after bad

In case you haven’t spotted it, the common theme here is a lack of internal resources and control. The technology is available, but only if the public sector is willing to continue putting up with the ‘technology debt’ it’s accruing through its overdependence on outdated internal tech and external cybersecurity solutions.

With a threat landscape that’s currently outpacing many private organisations’ capabilities, governments need to start thinking very carefully about their cyber security budgets, how much of their security solutions are outsourced and how they can improve their risk posture in 2021 and beyond without continuing to throw good money after bad. Some vital steps organisations could take include:

  • Preventing advanced persistent threats and zero-day attacks

The implementation of integrated and in-depth protection that enables a public sector organisation to detect and respond to multiple attack vectors simultaneously is crucial in 2021. They should choose an integrated solution that uses not only antivirus and IPS protections, but also anti-bot and firewall technology. Using real-time intelligence will also protect against zero-day exploits like the SolarWinds breach.

  • Continuous monitoring and diagnosis

Public sector organisations are unique in that they often need to maximise security across borderless networks. To shed light on malicious activity, 360-degree visibility and the ability to continuously monitor IT real estate in real-time are absolutely crucial. We’re past the point where businesses can simply wait until an audit rolls around to expose any vulnerabilities; they need to be proactive with things like penetration testing and security configurations.

  • Cross-device security

User endpoints have increased dramatically over the past decade and it seems more devices are always being added into the mix. Public sector organisations must use integrated security that leverages single-protection architecture for mobile devices like smartphones, tablets and laptops.

Check Point Software recently hosted a webinar entitled: “The State of Cybersecurity: Public Sector 2021” with experts from the field of cybersecurity in the public sector.  To access the webinar on-demand visit:


By Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East
