Cybersecurity considerations 2024: Government and public sector

In every industry, cybersecurity stands as a paramount concern for leaders. Yet, for government and public sector organizations, the game of digital defense takes on a whole new level of intensity. The reason? The sheer volume and sensitivity of the data they manage, which can amplify the potential fallout from any breach. These agencies are the custodians of a vast array of personal and critical data, spanning from citizen welfare to public safety and national security. A misstep in cybersecurity could spell disaster, jeopardizing not just data, but the very health, safety and security of the citizens they serve.

While both public and private sectors face cybersecurity challenges, the public sector tends to be more exposed in this ever-evolving threat landscape. Public sector entities typically have complex information technology (IT) infrastructures comprising diverse systems and legacy technologies, some of which may have been initially set up decades ago. Research from KPMG’s Global Tech report 2023: Government and public sector insights reveals that a risk-averse internal culture is one of the sector’s top digital transformation challenges: 69 percent of government respondents say that a lack of understanding or trust of new technologies makes them less confident about investing. Despite a recent push to transition these systems to modern, secure regimes, adversaries have many vulnerabilities to exploit, especially at weak links. With growing geopolitical tensions, nation-states are more likely to take advantage of this opportunity, leveraging emerging technology (such as artificial intelligence (AI) and deepfakes) along with targeted misinformation to cause maximum disruption.

With the range of challenges, proactive behaviors to plug gaps and the right cultural mindset in organizations will be key. At the same time, the growing use of modern digital tools and emerging technologies also presents an opportunity to build security and resilience in from the outset, thereby reinforcing confidence and trust in public institutions, something that is irreplaceable. There is also an opportunity to facilitate greater engagement and convenience for the public while improving security. Based on insights from the same report, most government and public sector respondents believe that their tech is already playing an instrumental role in building resilience (90 percent) and meeting increasingly demanding regulations (87 percent).

This article delves into the pivotal cybersecurity considerations for the government and public sector. It offers valuable perspectives on critical focus areas and provides actionable strategies for leaders and their security teams to fortify resilience, drive innovation, and uphold trust in an ever-changing environment.

Consideration 1: Supercharge security through automation

For the public sector, enhanced security through automation is less a choice and more an imperative for multiple reasons. Firstly, the public sector is not immune to the global skills shortage in cybersecurity. It often has to compete with the private sector to retain talent with the required knowledge and expertise. The public sector tends to lose talent to the private sector, creating a vacuum of knowledge and expertise.

Secondly, in many countries, the public sector is constantly under pressure for being too big. By investing in security automation, public sector organizations can help improve operational efficiency, reduce manual errors and optimize resource utilization, ultimately enhancing overall productivity and effectiveness. Automated processes play a key role in helping to ensure ongoing compliance, as they can be updated to reflect new regulations more swiftly and consistently than manual processes.

Lastly, public sector organizations are increasingly expanding their digital presence and adopting new technologies. This can bring enhanced efficiency but also greater complexity. As agencies scale their security operations more effectively, they should be able to adapt to evolving threats and technologies without significantly increasing costs.

Complexity of security ecosystems – Automation typically entails integrating various existing tools, systems and processes. This is complex and requires thorough coordination. Compatibility issues, competing data formats and a lack of standardized interfaces can hinder seamless integration.

Skills and resource gaps – Implementing automation within security processes requires specialized skills and resources around different technologies, programming and scripting. Many companies should ramp up or acquire their ability to effectively design, implement and maintain these solutions.

Lack of awareness and adoption – Many organizations simply do not see the benefits of security automation or may be resistant because of perceived risks. Overcoming these challenges and fostering buy-in from stakeholders can be critical for a successful implementation.

Advanced predictive analytics – Machine learning and AI can help predict and preemptively counteract emerging cyber threats before they impact critical infrastructure.

Customizable security workflows – Tailored automation workflows can serve the specific operational and security needs of different government and public sector organizations.

Integrated cybersecurity ecosystems – Interconnected automated security tools can offer a holistic view and control over an organization’s security posture, including endpoint protection, network security and cloud services.

Real-time threat detection and response – As the cyber threat landscape continues to evolve, there is a greater need for automated systems that can analyze and respond to threats in real-time. With a response time that is much better than what humans alone can deliver, there is a smaller window of opportunity for attacks to establish and maintain a foothold. Many organizations still lack the infrastructure or expertise to fully leverage real-time threat response capabilities.

Scalable security solutions – With automation, scalable solutions can grow with the expanding digital infrastructure of smart cities and a broad array of public services.

Accuracy and consistency – Automation enables organizations to consistently enforce security policies and procedures, thereby helping to reduce the risk of human error and ensure continued compliance with security standards and regulations. This can also help ensure confidence in security operations’ overall accuracy and reliability, leading to a more robust security posture.

With the growing range of threats, prioritizing what cybersecurity teams should focus on is key. Chief Information Security Officers (CISOs) should filter the noise to allocate resources to the most vulnerable areas. Cybersecurity leaders can start by defining the vision and strategy for automation in the context of larger organizational goals. The next steps would be to determine execution through build versus buy decisions and ensure skills for continuous implementation.

Consideration 2: Identity is owned by individuals, not institutions

Many organizations continue to rely on manual or paper/plastic identity to process transactions, which can be inconvenient, inefficient and full of security risks. When implemented correctly, digital identity can help alleviate these concerns, providing users with a secure and privacy-respecting experience that enables them to conduct online transactions anywhere at any time. This not only helps save time and effort for the system users but also streamlines the process for the institution.

Individual ownership of identity lies at the heart of protecting sensitive information, ensuring secure access to critical services and upholding the rights and trust of account holders. Digital identity ecosystems rely on authoritative identity data to provide individuals with rights and entitlements, from healthcare and social services to education and voting.

Many organizations remain in the early stages of adapting their systems and processes to keep individual identity front and center. Integrating digital identity into broader cybersecurity and resilience strategies is not just a technological imperative, but a crucial step toward more inclusive, efficient and secure government and public services.

Privacy concerns – Digital identity challenges persist, including excessive data collection, insufficient security measures and lack of transparency. Individuals are increasingly apprehensive about the potential misuse of personal information and unauthorized access to their stored data. Moving forward, addressing these concerns will be paramount, particularly in light of the evolving regulatory landscape, which will require organizations to ensure the implementation of robust privacy safeguards and transparency measures to protect individual privacy rights.

Security risks – Digital identity systems have become a target for malicious actors because of the value of the information that is being processed. Strengthening security measures, implementing robust authentication mechanisms and protecting against unauthorized access continue to be ongoing challenges for digital identity systems.

Enabling interoperability – It is vital to ensure that identity data can be securely and reliably accessed across different systems and/or jurisdictions. Defining an approach for consistent and reliable data exchange across different services and points of care remains challenging.

User adoption – Building trust and encouraging user adoption of digital identity solutions can be challenging, especially among individuals unfamiliar with or skeptical of digital technologies. Educating users about the benefits, security features and privacy protections of digital identity can be essential to promoting broad acceptance and adoption.

Enhanced individual empowerment – Giving individuals control over their digital identities can lead to greater engagement and trust in online services, aiding the adoption of e-government services.

Innovative authentication technologies – New identity verification technologies, such as biometrics and blockchain, offer innovative ways to secure identities while respecting individual ownership. These technologies can enhance both the security and the convenience of accessing services.

Adoption of zero-trust frameworks – Identity is a key supporting pillar of the zero-trust model. By implementing a robust digital identity, organizations can make large strides toward enhancing their overall security posture with strict access controls and continuous credential validation.

Inclusivity and accessibility – Digital identity promotes inclusivity by providing equal access to services for all individuals, including those with disabilities, limited mobility or marginalized backgrounds. User-centric design principles and accessibility features help ensure that citizen services enabled by digital identity can become more inclusive and accessible to diverse populations.

Some government bodies are already leading the way on identity management by rolling out official personal digital wallets and defining minimum requirements for identity service providers. One of the keys is to maintain a flexible approach that accommodates emerging technologies and new regulations.

Consideration 3: Cybersecurity and resilience aren't mutually exclusive

Cyberattacks and security incidents can disrupt critical government and public services, leading to significant economic, social and political consequences. As government agencies collect, store and manage vast amounts of sensitive information, including citizen records, financial data and national security intelligence, cybersecurity is integral to public safety and national security.

Clearly, there are inherent risks that come with today’s digitally connected landscape. Organizations should acknowledge that many cyber incidents are inevitable and simply cannot be prevented. As such, commensurate investment across the lifecycle (i.e. prevention, detection, response and recovery) is required to help ensure true resilience in the event of a breach, so the organization can quickly contain and minimize operational disruption.

Among government and public sector agencies, the integration of cybersecurity and resilience into organizational strategy remains a work in progress, with varying degrees of preparedness across different entities. This is largely because the sector’s approach to cybersecurity tends to be more reactive than proactive, often focusing on immediate threat mitigation rather than long-term resilience planning. This is further compounded by resource constraints. With adequate resilience, government agencies can help minimize disruption and ensure operational continuity.

Integrating cybersecurity and resilience into organizational strategy – Given how cybersecurity and resilience have been seen as disparate elements, the challenge lies in embedding cybersecurity and resilience as related foundational elements in overall strategic planning.

Dynamic cyber and IT landscape – The ever-evolving nature of cyber threats, coupled with rapid advancements in technology (e.g. AI, the Internet of Things), continues to introduce new security risks and challenges for organizations. Building cybersecurity resilience requires adapting to these changes, implementing security controls and helping to ensure that security measures keep pace with technological innovations, which is often a challenge with budgetary constraints.

Compliance and regulatory requirements – Compliance with evolving regulatory requirements also presents a challenge for organizations. Meeting regulatory obligations while maintaining a strong security posture and operational efficiency requires careful planning, implementation and monitoring of security controls.

Vendor and supply chain risks – Organizations often rely on third-party vendors, suppliers, and service providers for critical infrastructure and services. However, these third-party relationships can introduce additional cybersecurity risks. Managing vendor risks and ensuring the security of the supply chain are key challenges for building cybersecurity resilience.

Integrating cybersecurity into business processes – Building cybersecurity resilience offers a unique opportunity to closely align business objectives with cyber resilience strategies. By doing so, organizations can proactively identify, prioritize and address security risks that directly impact business continuity and success. This alignment also enables organizations to enhance overall business agility, innovation and competitiveness in an increasingly digital landscape.

Enhancing collaboration – Building resilience requires collaboration and information sharing across jurisdictions. By sharing threat intelligence, best practices and lessons learned, organizations help can improve their collective cybersecurity posture, detect emerging threats more quickly and respond more effectively to attacks.

Building the right culture – Through continuous education and training, organizations can reinforce the role various team members can play in ensuring robust cybersecurity and resilience. The key to safely accelerating tech adoption lies in filling skill gaps — ensuring government workforces are digitally literate, by keeping up to date with fast moving technology trends and hiring the best talent from the tech sector to bring digital transformation plans to life. The culture element is particularly important in the government and public sector where the human factor plays a critical role in both cybersecurity breaches and resilience measures.

For resilience, leaders are encouraged to develop a roadmap for how organizations can or should respond in the event of an attack next week, next month or next year. With periodic reviews, plans and frameworks can remain aligned with the evolving threat landscape.

Real-world cybersecurity in the government and public sector

Following significant cyberattacks like WannaCry, government and public organizations have focused on strengthening both their cybersecurity defenses and resilience. This includes investing in advanced threat detection systems, conducting regular staff training, and having robust backup and recovery processes to ensure various processes and services can continue during cyber incidents and recover quickly afterward.

Ransomware and other malicious attacks have significantly impacted companies in the government and public sector. These incidents targeted vulnerabilities in many computer operating systems and spread rapidly across networks, infecting hundreds of thousands of computers worldwide.

In the infrastructure sector, which includes critical systems such as power grids, water treatment plants and transportation networks, ransomware attacks like WannaCry highlighted the vulnerabilities of many legacy IT systems and the potential for widespread disruption.

WannaCry also significantly impacted government organizations. The attack demonstrated that governments are not immune to cyber threats and that improper security measures can have severe consequences.

In response to the WannaCry scenario, considerable focus has been placed on strengthening cybersecurity and ensuring these critical sectors are properly protected. As a result, government and public sector entities are working to enhance cybersecurity capabilities, increase budget allocations, strengthen network defenses, improve employee training and implement incident response plans. Compliance requirements and industry standards are also being enhanced to ensure data privacy and security.

Top priorities for government and public sector security professionals

In an era where digital threats are evolving at an unprecedented pace, the role of government and public sector security professionals has never been more critical. As custodians of citizens' trust, these professionals are tasked with the monumental responsibility of safeguarding the digital landscape. This involves not just reacting to cyber threats, but proactively strategizing to stay one step ahead. The following points outline the top priorities for these professionals in their quest to fortify resilience, ignite innovation, and ensure the security of the digital realm.

Strengthening cyber governance and risk management with appropriate frameworks and policies.

Proactively plan for cyber incidents with meticulous documentation, regular training exercises and continuous evaluation.

Using regulatory mandates as a catalyst for continuous improvement in cybersecurity practices.

Actively seeking and integrating innovative technologies to stay ahead of the curve.

How this connects to what KPMG professionals do

In addition to assessing your cybersecurity program and helping to ensure it aligns with your business priorities, KPMG professionals can help government and public sector clients develop advanced digital solutions, advise on the implementation and monitoring of ongoing risks, and help design appropriate responses to cyber incidents. With the well-being and safety of citizens potentially at stake, leaders should act now to integrate operational resilience and security into core business functions. Proactive behaviors, the right cultural mindset and the safe adoption of digital tools are key in helping to ensure public safety and national security.

KPMG professionals are adept at applying advanced thinking to clients’ most pressing cybersecurity needs and developing custom strategies that are fit for purpose. With technology that is secure and trusted, KPMG professionals offer a broad array of digital solutions, including cyber cloud assessments, privacy automation, third-party security optimization, AI security, and managed detection and response.