Public sector organisations are more vulnerable to cyber-attacks during the COVID-19 pandemic as a result of the rapid shift to the cloud and staff working from home, according to Verizon cybersecurity experts.
The 13th edition of Verizon Enterprise Solutions’ annual Data Breach Investigations Report saw the company’s team analyse more than 32,000 cyber incidents, with nearly 4000 of these being confirmed breaches.
It paints a common picture of the cybersecurity threat space from recent years, with the majority of attacks being financially motivated and carried out by external actors, despite public perceptions about the prevalence of insider attacks and cyber espionage.
Several local organisations and agencies participated in the report, including the Australian Federal Police and the Victorian government.
Of all the breaches analysed, 70 per cent were undertaken by external actors, with more than 85 per cent being financially motivated. Most breaches were involving either credential theft, social attacks or human error, with personal data being obtained in nearly 60 per cent of all attacks.
For public sector agencies, ransomware was especially problematic, with many breaches down to human error.
This meant these organisations needed to be particularly careful during the pandemic, with many moving data to the cloud and employees working remotely, Verizon operations director of network security Prescott Pym said.
“People might be trying as part of digital transformation to spin resources in the cloud for a bit more agility and scalability. At the moment with the crisis we’re seeing a lot of organisations having to pivot how their IT applications are actually running,” Mr Pym told InnovationAus.
“We’re seeing an uplift in the amount of scannings for web services and remote desktops as attackers are trying to take account of the current global situation.”
The public sector needed to improve security training and lift awareness among all staff, the Asia Pacific managing principal at Verizon’s Threat Research Advisory Centre Ashish Thapar said.
“There’s a need for improved training and security awareness – I’m a big advocate of the thinking that you can patch a machine, but you can’t patch a human,” Mr Thapar told InnovationAus.
“You need to take these important personnel as importantly as a public organisation would look at a tool,” he said.
“Public sector organisations should be very careful in terms of their architecture. COVID-19 has resulted in a very forced digital adoption, so a lot of the threat surface has increased in terms of exposure for these organisations.
“They should definitely invest in ensuring they have secure configurations. A stitch in time saves nine, and secure configurations at the start goes a long way when looking at data breach notifications.”
The Verizon report also breaks down the incidents by geographic region. In APAC, the majority of breaches were financially motivated, Mr Thapar said.
“There’s also a higher than average rate of cyber espionage breaches in the region. APAC is the backbone of the world for heavy manufacturing. In those kinds of situations, those secrets and insider information is worth any amount of dollars you can think of,” he said.
“With COVID-19 we are expecting because of the research behind this effort, that will drive even more espionage in this region again. We do expect things will turn a bit towards more espionage-related incidents in the region.”
The local attacks saw credentials most commonly taken, with this data then used by the hackers to access other services, Mr Pym said.