How authorities can protect themselves against cyberattacks

The public sector targeted by attacks and obligated to regulation compliance

DriveLock in practise
Use Case | Public sector

The public sector as a target for cyberattacks

The following are just a few examples of the challenges that digitisation poses to public institutions and authorities: millions of sensitive personal data are vulnerable, legal security regulations require compliance, the ever closer networking of public bodies, authorities, offices and the high relevance of fast administrative processes to the satisfaction of citizens. 

"Local authorities hit by 800 cyber attacks every hour"

source:, 3rd Oct 2019


Digitisation of administration: between opportunity and risk

In public administration (state authorities, district offices and municipalities), sensitive personal data is stored, including 
  • addresses,
  • marital status and religion,
  • ID card numbers and identification numbers (e.g. tax numbers). 

This data is particularly valuable for attackers since it can be used to capture complete identities

The digitalisation of public institutions and authorities is in full swing:
Public administration has become increasingly networked in recent years. If one system is broken into, it can also be "poached" in systems of other administrations and malware can spread extensively and fast.

"Local authorities hit by 800 cyber attacks every hour"

Local authorities and councils in the UK have reported being hit by more than 263 million cyber attacks in the first six months of this year [..]


The electronic offer to citizens or communication with authorities via online portals has been significantly expanded in recent years. In some cases, only the electronic way of submitting data is still offered. 

In many areas, however, the modernisation of computer and operating system equipment has not yet been completed. Until then, there are still weak points which, if patches are not applied, become a gateway for hackers. Authorities are obliged to comply with the legal provisions of the data protection regulations (e.g. GDPR in the European Union, APP - Australian Privacy Principles) and individual country-specific standards for cyber security, e.g. the Essential Eight Maturity Model in Australia. In addition, in various countries, eGovernment laws are in place which regulates the duties of the authorities and requires protection concepts and mechanisms for their digital systems.





Why is DriveLock the right partner?

Learn more about IT security in the public sector in our free whitepaper.


Whitepaper It Security in the public sector



Why is the public sector particularly lucrative for attacks?

  • In public institutions, numerous extremely sensitive personal data are stored in electronic files
  • Administrative procedures are becoming increasingly digital
  • The information offers profit-oriented cyber organisations a lucrative breeding ground for data manipulation, identity theft and misuse
  • The confidentiality of data and information, e.g. in police and ministries

    Why the public sector, such as public authorities, offices and municipalities, is targeted by cyber attackers


What are the requirements regarding data processing and data security?

Interface control or device control to external storage media such as USB sticks 

Ensuring the integrity and encryption of personal data

Prevention and response to attacks

Secure authentication and authorisation procedures, e.g. two-factor authentication and integration of existing user directories (Active Directory)

Monitoring and logging of all accesses and changes in the system

Sensitisation of employees and avoidance of human misconduct

Whitepaper for free download:

Request the whitepaper "IT Security in the public sector":


How can DriveLock be used for effective prevention?


Do you have questions about our solutions for the public sector

Write to us - we will gladly answer your questions.