News
Panda Security ensures privacy protection in public administrations
September 2016 by Marc Jacob
PandaLabs, Panda Security’s anti-malware laboratory, has presented a whitepaper on “Privacy in Public Administration”; detailing numerous cyber-attacks on countries that could almost have come from a science fiction story.
Theft and misuse of data
Use of information and communication technologies in general, and specifically online government services, are key factors in the way the public sector is changing. Technological advances have made it possible to store personal data in digital format, a great benefit to users, but also a highly-prized target for cyber-criminals.
Take the case of Shalom Bilik, an Israeli government sub-contractor, who in 2006 stole the personal details of 9 million Israeli citizens and put them up for sale.
Politically-motivated attacks
New crimes including cyber-terrorism, cyber-espionage and hacktivism are on the rise. The secret phase of the cyber-war against Iran began during the last decade with espionage carried out by the US and Israeli intelligence services.
With just three months to go before the US elections, the FBI has confirmed the hacking of at least two electoral databases by foreign hackers who have extracted voter information from at least one of them. This is just one of the latest recorded cases of hacktivism.
The solution for adapting to the change
The emergence of new players from different backgrounds and with varying motivations combined with their ability to act in any security dimension, hinders the identification of aggressors and decreases the ability of countries to adequately respond. Current legislation is not adapted to the new cyber-crime dynamic or to new technological or data management demands.
To prevent new attacks on public agencies, a common regulatory and legislative framework is needed, with responsibilities shared between states. One such example is the new regulatory framework passed in the EU in 2016.
For public institutions, success in ensuring cyber-security lies with meeting certain requirements:
• Having real-time information about incidents and security holes related to data security.
• Compliance with Article 35 of the "General Data Protection Regulation" on data protection.
• Reporting all possible transfers of data files to foreign countries.
• Safeguarding delegation to other processors, i.e. deleting of data, meeting reporting and notification requirements, and the maintenance of file transfer activities.
To this effect, the implementation of advanced technologies such as Adaptive Defense, as a complement to traditional antivirus solutions, enables compliance with these, since Adaptive Defense offers guaranteed security against threats and advanced targeted attacks.
