Headlines in both mainstream and tech media are ablaze with cautionary tales and exclamation points: government and public sector websites are big security targets now -- and in the future. Germany’s defense minister, for example, has sounded the alarm: cybersecurity has to be a priority because attacks targeting governments will grow in frequency and severity and may even threaten global stability on several fronts: geopolitical, environment, technological and economic.
It may sound like overreaction, but the evidence bears out the trepidation. The United States has, according to research, faced at least 156 large-scale cyberattacks between 2006 and 2020, which have included attacks on various public sector and government agencies, including those responsible for defense and security. For example, in May 2020, the US National Security Agency revealed that Russian hackers had exploited a bug in a common email server to steal sensitive data from American organizations. The US and its public sector entities are not alone: the aforementioned Germany, the United Kingdom, Australia and India have all fallen prey to significant cybersecurity incidents.
If predictions come true, the scope and scale of these kinds of attacks is going to worsen. Ransomware attacks are running rampant (particularly in critical infrastructure and services spheres, such as public health and hospitals), data breaches are becoming larger and more frequent (for example, a recent breach at the US Small Business Administration that exposed more than 8,000 small business records), and waves of DDoS attacks and outages that, according to Kaspersky data, have targeted government, education and coronavirus information sites during Q1-Q2 of 2020.
Repelling cyberattacks where possible
Security stakes are high for public sector and government entities, and while preventing every cyberattack will never be possible, it is possible to safeguard against many kinds of attacks as well as be vigilant with real-time monitoring to catch anomalies before they have a chance to do real damage. One big component of this requires educating internal personnel about cyberattacks and how to avoid human-initiated security catastrophes, such as phishing attacks, which are always on the rise.
The other major component of repelling cyberattacks is designing and deploying a comprehensive cybersecurity strategy that includes, in part, solutions for:
- Data and cache encryption
- Web application firewall
- DDoS and cache poisoning prevention tactics
- Front and backend TLS transport
- Security by design architecture
If you’d like to find out more about how Varnish can help with public sector IT security and safeguarding content and service delivery, get in touch or take a look at our e-book, Under attack: Online security in unstable times.