How can government officials stay protected against ‘hack-for-hire’ cybercriminal gangs?
By Tom Kidwell, Co-Founder, Ecliptic Dynamics and former British Army and UK Government intelligence specialist and internet infrastructure security professional for the public sector
The cybercrime industry has been growing at a staggering rate in recent years, with organisations and individuals across every sector affected. The Government has been put on high alert over potential state-backed cyberattacks as political tensions continue to rise, including possible threats to the safety and security of politicians and national critical infrastructure. And recently, the Government announced a new strategy to protect the NHS from cyberattacks.
Some of the most notable attacks include the NHS 111 attack that occurred last year, which crippled emergency services across the health service, and the phishing attack on Scottish MP, Stewart McDonald, back in February 2022, which publicly exposed his private work emails. In addition to this, a sting operation recently revealed that Indian hack-for-hire gangs were targeting UK politicians.
These are just a few examples of how threat actors are preying on the public sector, a trend that is expected to increase year on year. A recent report found that nearly 47 per cent of data breaches in the public sector weren’t discovered until years after the initial attack, and the overall cost of cybercrime to businesses is set to reach $10.5tn a year by 2025, making cybercrime one of the largest economies in the world, and one of the most lucrative types of crime globally.
For government officials or other public sector professionals, the hack-for-hire groups will be of particular concern. Often cyber groups adopt a ‘get in where we can’ approach, using simple attack vectors such as phishing. They target whoever they can with fake emails and communications, hoping someone, usually on a company work device, will open a link, installing ransomware or other malware. Hack-for-hire groups, however, are incredibly targeted, going after not only specific organisations, but specific people within them. On top of this, due to current conflicts around the world, foreign states are becoming increasingly involved in cybercrime, with many commissioning malicious activity against other countries; again, placing a target on the back of government officials.
So, government professionals need to know how to protect not only their organisation, but also themselves. Here are a few of the best practices professionals can implement to keep themselves secure:
Two Factor Authentication (2FA)
2FA is probably the most effective cybersecurity practice that can be instantly implemented. It is an access management control method, which forces users to provide two forms of identification to access a network, environment, account, or data set. The concept is centred around having something you know (username and password) and something you have (a code or token on your mobile). This means that even if a malicious hacker compromises your work email login credentials, for example, they still need access to the unique authentication code that is sent to your trusted device.
Check suspicious links
Even if an email comes from a trusted sender, there’s always the possibility that they themselves have been breached, and the link you’ve just received from them is malicious. As with many walks of life, government officials should trust their gut when it comes to cybersecurity. Does something seem off? Is this a strange email to receive from this individual? Have they used your full name, when they normally use a shortened version?
If you’re thinking about these things, always check the link. You can do this using phishing tests or link scanners; however, sometimes an even easier way is to pick up the phone and verify the communication with the sender. In some ways this is similar to 2FA.
Isolate your sensitive work
Malicious hackers will likely be looking to access your work communications or data, sometimes targeting something specific for the purpose of blackmail or extortion. That’s why it’s crucial to keep more sensitive information and data isolated. This can be done by using a different device, or by segmenting your data and implementing different access pathways for each part of it. It’s also important to ensure that your work device is protected when browsing the web or opening sensitive communications. Using ‘virtual machines’ or web isolation platforms means that if you do click on a malicious link, or accidentally download an infected asset, all of the risk is contained, with the software and IT provider absorbing the risk and removing it from the user and their organisation.
What’s more, with web isolation platforms, the user has zero footprint online, as the virtual computer is rebuilt entirely from scratch, daily, destroying any viruses, malware, trackers and online activity related to the user’s work. This makes it almost impossible to track a user online, leaving government officials to go about their work freely and safely.
The public sector remains a top target for cyber gangs, mainly due to the highly valuable and sensitive data it holds, and the vital role public sector officials and organisations play in society. A crippling attack on critical public infrastructure is a real risk, especially with geo-political tensions high since the war on Ukraine. Despite this, there are steps government workers can take to protect themselves and the organisations they represent. 2FA, checking suspicious links and isolating your work are key; however, enabling these things means ensuring that government workers are cybersecurity savvy and trained in knowing what cyber defence procedures to follow. Organisations should have proper governance and control measures in place for officials to abide by, as well as an incident response plan to observe, should a breach occur. It’s a three-step approach of People, Processes and Technology, and following those will help to keep your government officials and organisation secure.