There have been thousands of top secret documents leaked, confidential information pertaining to individuals has been stolen, cyber espionage between powerful governments has occurred, and attacks have been performed by personnel with privileged access. These are all examples that confirm that propagandistic pursuit and economic gain drive cybercriminals, and they target those who are willing to pay for the retrieval of their valuable information, such as institutions in the public sector.
PandaLabs, Panda Security’s anti-malware laboratory, presents the “Privacy in Public Administration” whitepaper; detailing numerous cyber-attacks on countries that could almost have come from a science fiction story.
Legislative Developments in Cybersecurity
The technological revolution in the public sector, the digitalization and storage of information, and the boom in online services to simplify administration for the public have led to an exponential growth in the generation, storage and processing of confidential data; data which must be treated with the utmost care. Consequently, the public sector now faces a new series of demands in risk prevention, security and legal compliance.
During the past decade, crimes including cyber-terrorism, cyber-espionage and hacktivism have been on the rise, threatening the privacy of Public Administrations, businesses and nations:
2010: Bradley Manning, a US soldier, copied 700,000 confidential documents and used WikiLeaks to publish the data. In total almost half a million records from the Iraq and Afghanistan conflicts, and more than 250,000 secret U.S. diplomatic cables.
2013: Edward Snowden, a former employee of the CIA and NSA, published top secret documents through the Guardian and the Washington Post concerning various NSA programs, including the mass surveillance programs PRISM and xkeyscore.
2016: A total of 19,252 emails (including attachments) from 8,034 servers of the US Democratic National Committee sent between January 2015 and May 2016 were revealed on WikiLeaks this July. The security company contracted by the Democratic National Committee has claimed that the hack was the work of at least two different groups of hackers linked to a Russian government agency in an action designed to favor Republican candidate Donald Trump.
Now, three months before the US elections, the FBI has confirmed the hacking of at least two electoral databases by foreign hackers who have extracted voter information from at least one of them. There is an ongoing investigation and IPs have been traced back once again to Russian hacking forums. Coincidence?
The solution for adapting to the change.
The emergence of new players from different backgrounds and with varying motivations combined with their ability to act in any security dimension, hinders the identification of aggressors and decreases the ability of countries to adequately respond. Current legislation is not adapted to the new cyber-crime dynamic or to new technological or data management demands.
To prevent new attacks on public agencies, a common regulatory and legislative framework is needed, with responsibilities shared between states. One such example is the new regulatory framework passed in the EU in 2016.
For public institutions, success in ensuring cyber-security lies with meeting certain requirements:
- Having real-time information about incidents and security holes related to data security, such as the accidental or illegal destruction, loss, alteration, unauthorized disclosure or remote transference of data.
- Compliance with Article 35 of the “General Data Protection Regulation” on data protection with regular and systematic monitoring of data on a large scale.
- Reporting all possible transfers of data files to foreign countries.
- Improving individual rights, including the right to be forgotten, and data portability across all shared data files.
- Safeguarding delegation to other processors of data deletion, reporting and notification requirements, and the maintenance of file transfer activities.
To this effect, the implementation of advanced technologies such as Adaptive Defense 360, as a complement to traditional antivirus solutions or perimeter security, enables compliance with guidelines and the technical requirements outlined above, since Adaptive Defense offers guaranteed security against threats and advanced targeted attacks on companies.
Download the Infographic here.
Download the Whitepaper:
|Edición América Latina||Edición México|
|Edição Portugal||Ausgabe Schweiz|
|UK Edition||US Edition|