Contact Us

Public Administration (NAISC 92)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Submit View only

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Frequency

  

3,273 incidents, 584 with confirmed data disclosure

Top patterns

  

System Intrusion, Lost and Stolen Assets, and Social Engineering represent 76% of breaches

Threat actors

  

External (85%), Internal (30%), Multiple (16%) (breaches)

Actor motives

  

Financial (68%), Espionage (30%), Ideology (2%) (breaches)

Data compromised

  

Personal (38%), Other (35%), Credentials (33%), Internal (32%) (breaches)

What is the same?

  

This sector continues to be targeted by Financially motivated external threat actors as well as spying nation-states that are interested in what their rivals are doing. Personal data remains the most often stolen data type.

Summary

  

This sector continues to make top scores in Espionage-motivated breaches. It is also rich in multiple actor breaches. External and Partner or Internal actors working together to steal data is not the kind of international cooperation we want to see fostered.

That’s no moon! 

Whether data is stolen by stealthy “weather research” balloons (death stars) floating overhead or by more conventional methods such as phishing, external threat actors are diligently gaining access to data in the public sector. Mind you, when we created VERIS to allow us to categorize breaches, we didn’t expect to see it applied to UFOs being shot out of the sky. But, until it becomes a trend, we will simply tag it as Physical - Other and call it a day for now 

The System Intrusion pattern remains high in this sector. Some intrusions are stuff that movies are made of—complex attacks against a challenging target, where the stakes are high for entire economic systems.50 We did see an increase in the Espionage-motivated actors in this pattern this year. In fact, this sector is one where the Espionage-motivated actor is consistently among the highest. 

Within the System Intrusion pattern, we saw a slight decrease in Ransomware as a tactic. This doesn’t mean you should ignore it, however, as it remains a favored method of disrupting government workings while generating income for the adversaries.

While it is possible to reach their goals by themselves, these actors are not opposed to recruiting help from within the organization. We see evidence of collusion (multiple actors working in concert) in 16% of Public Administration breaches this year. That is significant, given that we didn’t see multiple Actor breaches the past two years in this sector, and in 2020’s report, it was only at 2%. 

What’s worse than quiet quitting? 

This brings us to the point that internal actor Misuse continues to be a consistent problem in this sector. While prevalent, it is not increasing, so that is at least some good news. In fact, Misuse peaked in 2019 (of the past five years) and has decreased somewhat since then. However, the pairing of the unhappy employee with a motivated external adversary shows the continued need for detective controls. If you can catch this kind of Internal actor-facilitated attack in its early stages, you can mitigate the damage significantly.

We see evidence of collusion (multiple actors working in concert) in 16% of Public Administration breaches this year. That is significant, given that we didn’t see multiple Actor breaches the past two years in this sector, and in 2020’s report, it was only at 2%.

50 There are explosions and car chases in there too, we’re sure of it.

Let's get started.