Awareness
Public sector
IN THIS SECTION
Why cybersecurity is important?
Public administration is more and more dependent on ICT systems. The nature of the information processed in these systems makes it an attractive target for state-sponsored threat actors (so called Advanced Persistence Threat – APT Group). The goal of cyber criminals attacking public administration is usually not to cause financial losses. The primary goal usually is to disturb the operation of administration services or to obtain confidential information.
The actions taken by the public administration to protect information against cyberespionage and attacks by state-sponsored actors do not differ from the actions taken by organizations. However, the priority is the confidentiality of the processed information.
On this page you will find 5 ways to guard your organization against cyberthreats.
No security measure gives 100% certainty that we will not become a victim of the attack. Security measures are designed to make the attack more difficult for attacker and to induce him to resign.
APT Groups
Activity of APT groups pose the biggest threat to the public sector. Their malicious activity covers many organizations in this sector.
According to globally-accessible knowledge base (MITRE ATT&CK: https://attack.mitre.org/groups/) 109 groups were identified so far. Most of them conduct their activities all over the world, including the region of Africa.
APT groups are threat actors whose presence focuses on cybercriminal activity. Groups are identified through specific activities carried out in cyberspace. These groups are characterized by carrying out advanced and complex cyberattacks that are difficult to detect and usage of sophisticated malware and hacking tools. Furthermore, handling such an attack requires a lot of advanced skills from incident response teams. The vectors of attacks among others can include the use of phishing or exploitation of public-facing application (services).
Regulations
How to protect your organization?
5 ways to guard your organization against cyberthreats
1. Develop cybersecurity policy
Develop security rules that should be followed by employees, they should relate to the safe use of devices and systems, access management, physical security, etc.
2. Perform risk assessment
Risk assessment is often associated with complex mathematical methods but in principle thanks to it you should be able to answer the following simple questions:
- What are my ICT resources which supports business processes and which of them are the most important?
- What are the most value data for y organization and in which business processes they are involved?
- What are threats to our resources and data (threat actors, threat vectors)?
- What could be the impact of losing confidentiality, integrity or availability of value data on my business processes?
To assess risk to your company you can use general risk assessment guidelines or standards such as: ISO 31000; ISO/IEC 31010 and ISO Guide 73 or use standards dedicated to ICT ISO – 27005.
You can find more useful information about risk assessment, including guidelines and good practices on webpages of the Agence nationale de la sécurité des systèmes d’information (ANSSI) – https://www.ssi.gouv.fr/administration/bonnes-pratiques/ and National Institute of Standards and Technology (NIST) – https://csrc.nist.gov/publications/sp
3. Prevent threats
Prevention is about reducing the attack surface and limiting the number of TTP (tactics, techniques and procedures) an attacker can use against us.
The most common preventive measures are hardening and training. Implementation of security tools can be considered in two roles: preventive and at the same time these tools are a source of information about a potential attack, supporting detection.
4. Employees training
One of the very important elements supporting cybersecurity in an organization is employee training. This enable the transfer of knowledge to employees on the safe use of ICT devices. In addition, learning about threats and methods of protection against them reduces the probability of a cybersecurity incident resulting from human error. Training should cover all employees using computer devices, including both office workers and administrators responsible for managing IT and public administration specific systems. Training should include familiarization with cybersecurity threats, basic security principles, applicable security policies and procedures in organization. Employees should also know what to do if they suspect they have been the victim of a successful cyberattack.
5. Implement an information security management system
Information security management system (ISMS) refers to the ISO standard 27001 (Information security management) and it is a set of policies, procedures, guidelines, and assigned assets and activities, managed jointly by the organization to protect its information assets. The main task of the ISMS implementation is to protect the organization by ensuring the confidentiality, availability and integrity of all assets in the organization. Such protection takes place through the implementation of the controls described in the standard and those are:
A.5: Information security policies
A.6: How information security is organized
A.7: Human resources security – controls that are applied before, during, or after employment.
A.8: Asset management
A.9: Access controls and managing user access
A.10: Cryptographic technology
A.11: Physical security of the organization’s sites and equipment
A.12: Operational security
A.13: Secure communications and data transfer
A.14: Secure acquisition, development, and support of information systems
A.15: Security for suppliers and third parties
A.16: Incident management
A.17: Business continuity/disaster recovery (to the extent that it affects information security)
A.18: Compliance – with internal requirements, such as policies, and with external requirements, such as laws.
More information about ISO27001 you can find here: https://www.iso.org/isoiec-27001-information-security.html
National CERT
Because public administration consists of many different authorities, agencies and bodies, building a national CSIRT (Computer Security and Incident Response Team) is a good solution for protecting administration information assets and responding to potential cyberattacks. . CSIRT’s main task is detection and reaction to cyberattacks.
More information about CSIRT you can find here:
ENISA, How to set up CSIRT and SOC: https://www.enisa.europa.eu/publications/how-to-set-up-csirt-and-soc
ENISA, What is a CSIRT and how can it help me?: https://www.enisa.europa.eu/news/enisa-news/what-is-a-csirt
ENISA, Sectoral CSIRT Capabilities – Energy and Air Transport : https://www.enisa.europa.eu/publications/sectoral-csirt-capabilities-energy-and-air-transport
NIST, Computer Security Incident Handling Guide: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
FIRST Computer Security Incident Response Team (CSIRT) Services Framework https://www.first.org/standards/frameworks/csirts/FIRST_CSIRT_Services_Framework_v2.1.0.pdf
Work with CDA
We can help you to build cybersecurity in your company.
Visit our website
Stay up-to date with the CDA’s advisories relating to cyber security matters affecting the Togolese Republic and Africa.