A new report by the EU Agency for Cybersecurity (ENISA) indicates a worrying increase in cyber incidents affecting the public administrations of European Union member states. The increase is in the volume of primarily disruptive and data-compromising cyber attacks, including highly impactful distributed denial of service (DDoS) attacks, which are a cause for concern.
The public administration sector comprises 38% of all recorded incidents
- DDoS attacks are the most prevalent type of incident, accounting for 60% of all incidents in the sector.
- Following the DDoS incidents, data-related incidents (including breaches and exposures) are the next most prevalent threats, at 17.4% and 1% respectively.
- The central government bodies are the most targeted, receiving 69% of all incidents in the public administration sector.
- Ideologically motivated hacktivists are responsible for 63% of incidents, surpassing cyber criminals and state actors.
Public administrations offer core services, such as education, healthcare, and law enforcement, and hold enormous amounts of data on citizens. ENISA highlights the critical importance of this sector to the EU economy, which elevates the risk. Furthermore, as the new NIS2 Directive is rolled out in stages, public bodies in EU member states will have more regulated cybersecurity measures to meet.
The public administration sector is "in the early stages" of developing resilience under NIS2
ENISA recognizes that public administrations have limited cyber defenses but may be the target of attacks due to the accumulation of high-value data and the feasibility of digital cybercrimes. Even if DDoS attacks are low-impact and short-duration events, they may cause lasting reputational damage that public administrations may not recognize and are not able to mitigate.
Such attacks may provide the cover for subsequent, more damaging attacks, including ransomware and multi-extortion attacks.
Public administrations are likely to be targeted by DDoS attacks with cascading consequences because they provide the public with access to the state and its digital services. DDoS attacks are frustratingly common, and while they do not often result in significant outages, they can be annoying to the public.
There have been recent DDoS attacks against the websites of ministries, parliamentary legislative portals, and other national public administration entities.
Public administration sectors have been victims of data breaches
ENISA cyber reports indicate that the vulnerability of state systems and law enforcement is significant, but the data held by public administration is not actionable.
ENISA encourages public administrations in the sector to take the actionable steps outlined in its report. Public administrations may deploy always-on DDoS protection strategies for cyber resilience, including CDNs, WAFs, DNS failover, and structural cyber resilience.
ENISA includes multi-factor authentication, privileged access, network segmentation, and EDR as actionable steps within the public administration sector.
Public administrations are encouraged to improve cross-border integrated shared service systems and the incorporation of cyber-related systems under the EU Cyber Solidarity to coalesce.
Public agencies can take various measures to improve their cyber resilience to DDoS attacks
For citizens, the importance of DDoS attacks and data grounding attacks on public services is that they can affect both the trust citizens have in the services provided on a day-to-day basis and the functionality of those services, such as tax payment, school registration, healthcare access, and law enforcement.
When the digital systems that a government uses to provide services are vulnerable to attacks, the government's and the public's trust in the services is jeopardized.
The most recent cyber activity findings from ENISA show that most public administrations in the EU are experiencing a significant increase in cyber activity, consisting primarily of DDoS attacks and, to a lesser degree, attacks on public administration data. Cyber resilience is a priority, considering the department is categorized as NIS2 "highly critical". Cyber threat activity is evolving, and so is the activity to mitigate those threats.
