Digital government and cyber security issues in 2023

Published on June 29, 2023

The current age is characterized by a wealth of technological advancements and interconnectedness… allowing for seamless communication and access to information.

And… while these developments have revolutionized various aspects of our lives, they have also created a breeding ground for cyber threats.

And who’s more vulnerable? Governments!

They possess a wide range of critical information, including national security intelligence, personal data of citizens, classified documents, and sensitive diplomatic communications.

The consequences of a security breach within a government entity can be far-reaching – impacting not only national security but also undermining public trust and potentially leading to severe economic and social repercussions.

A look at the current reality

Since 2001, the number of victims has skyrocketed by a staggering 16 times, painting a grim picture of our vulnerability.

As we all know, the situation worsened during the COVID-19 pandemic, as cyber-attacks exploded globally by a jaw-dropping 125% through 2021.

No one is safe, but let’s not forget that government bodies are like shiny magnets for criminals, with a mind-boggling 95% surge in cyberattacks on government agencies recorded between 2021 and 2022, according to a recent report by CloudSEK XVigil.

What are the usual suspects behind breaches in the public sector?

Well, they typically involve cunning social engineering tactics, invasive system intrusions or the good old-fashioned loss or theft of precious assets like laptops and cellphones.

Interestingly, a whopping 85% of these breaches originated from actors within the organization itself, aligning the public sector with prevailing trends across industries.

So, why do these attackers target public administration entities?

Money, of course!

About 68% of the breaches were driven by the insatiable thirst for profit.

But that’s not all – espionage ranked as the second most common motivator, accounting for nearly a third of all breaches.

It seems the allure of confidential information is irresistible to some.

As for ideological motivations, they represented only a tiny fraction, reminding us that greed and personal gain tend to overshadow lofty ideals.

Challenges impeding the government’s efforts to strengthen its data security

Skills shortage

One of the major obstacles hindering government institutions in strengthening their data security is the shortage of skilled personnel.

Finding and retaining individuals with the necessary expertise and integrity to fill cybersecurity roles is often a challenging task.

Unfortunately, candidates who are willing to accept lower public salaries are frequently underqualified, while some applicants may have questionable backgrounds that raise concerns about their trustworthiness for the job.

Compounded by limited internal resources for training new recruits, IT departments struggle to maintain the status quo, let alone keep pace with emerging threats.

According to a 2022 report by Verizon, a staggering 82% of security breaches in organizations are caused by or involve human error to some extent. However, industry experts emphasize that proper training can significantly reduce this risk.

Legacy systems

One of the persistent challenges faced by government institutions is the use of outdated resources and systems.

Many departments still rely on antiquated computer software, commonly referred to as “legacy systems.”

These systems, once considered state-of-the-art, have fallen far behind in the face of advanced tools and strategies employed by cybercriminals.

Consequently, these outdated software systems have become vulnerable targets, placing every government that utilizes them at risk.

High value information

Governments possess an extensive array of high-value information, ranging from tax records and social benefits usage to employment details, social security data, healthcare records, and beyond.

In fact, they arguably hold a comprehensive profile of individuals that rivals even their own self-awareness.

While most countries have robust internal policies and practices to safeguard citizens’ sensitive information within government departments, the same level of protection doesn’t always extend to computer systems.

These systems can be susceptible to attacks at any given moment, as they often lack the necessary security measures to effectively combat modern and evolving threats.

What can public entities do?

In order to effectively address the ever-evolving landscape of cyber threats, government organizations must adapt their cybersecurity policies to keep pace with technological advancements.

These policies should thoroughly encompass the risks faced by the organization and outline the best practices to mitigate them.

As new threats emerge, adjustments need to be promptly incorporated into the existing framework.

Protection must be comprehensive, addressing both external threats and internal vulnerabilities.

While awareness is a crucial first step, it is only one piece of the puzzle.

Ongoing vigilance, regular policy reviews, and proactive adaptation to emerging threats are equally important components in safeguarding government entities from potential cyber threats.

About the Author

Mohammad J Sear is focused on bringing purpose to digital in government.

He has obtained his leadership training from the Harvard Kennedy School of Government, USA and holds an MBA from the University of Leicester, UK.

After a successful 12+ years career in the UK government during the premiership of three Prime Ministers Margaret Thatcher, John Major and Tony Blair, Mohammad moved to the private sector and has now for 20+ years been advising government organizations in the UK, Middle East, Australasia and South Asia on strategic challenges and digital transformation.

He is currently working for Ernst & Young (EY) and leading the Digital Government practice efforts across the Middle East and North Africa (MENA), and is also a Digital Government and Innovation lecturer at the Paris School of International Affairs, Sciences Po, France.

As a thought-leader some of the articles he has authored include: “Digital is great but exclusion isn’t – make data work for driving better digital inclusion” published in Harvard Business Review, “Holistic Digital Government” published in the MIT Technology Review, “Want To Make Citizens Happy – Put Experience First” published in Forbes Middle East.

More from Mohammad J Sear