Authored by: Nick Itta, VP, APAC, EfficientIP
As governments approach their budget announcements for the year, their spending focus will have changed drastically from previous years as they reckon with an increasingly distributed citizenry and a different threat environment for their IT systems. All this is happening as they forge ahead with digital government initiatives and work to keep citizens engaged. Holding on to citizen data, ensuring a safe environment for it, and upgrading their systems is a delicate balance to strike.
In recent years, regional initiatives that go beyond local government have been introduced to govern privacy, in acknowledgement of the changing and dynamic threat environment. An example is the Association of Southeast Asian Nations (ASEAN), which has held summits on cybersecurity, known as the ASEAN Ministerial Conference on Cybersecurity, and in 2019 announced a formal cybersecurity coordination mechanism. As Southeast Asia steadily builds its digital infrastructure and ensures its resilience, governments are pressing on with digital government initiatives and making sure they stay ahead of the curve in the digital means they use to interact with private citizens.
However, according to the EfficientIP Global DNS Threat Report in 2020, damages from attacks on the government sector have risen 14% to an average of USD 636,130 per attack, with one in five in the government sector experiencing more than 10 attacks per year. The report also indicates that more than 78% of government organisations have been victims of DNS attacks within the last 12 months. Government organisations appear to be more vulnerable to certain DNS attack types than companies in other sectors: 42% of government organisations experienced DNS-based malware (compared to an average of 34%), and 24% experienced lock-up domain attacks (compared to an average of 18%). In Singapore, 29% of cyberattacks targeted the education sector, second to the government.
Another common type of cyberattack, faced by almost one-third of government agencies, is the Distributed Denial of Service (DDoS) attack, which can cause widespread disruption to local and central government network traffic and significant website and application downtime. Government organisations also had the highest rate of cloud instance misconfiguration abuse, at 22%.
Government sectors suffer significant consequences from DNS attacks, which cause reputational damage and losses among their most treasured stakeholders: consumers, the public, and businesses. According to the EfficientIP 2020 DNS Threat Report, governments are particularly vulnerable to in-house application downtime, with almost two-thirds reporting this. Half also experienced compromised websites and cloud service downtime due to the attacks. They are more vulnerable because threat actors obtain access to large amounts of highly personal information, mostly that of consumers, through DNS breaches. Exfiltration of data via DNS is very common and largely goes unnoticed by firewalls, as they are incapable of performing the necessary context-aware traffic analysis.
As such, governments are sitting up and paying attention to the threat environment, especially as they ramp up digital transformation efforts to stay ahead of their peers. Thailand, for example, has stipulated clean energy, robotics, and smart devices as part of its plan for Thailand 4.0. The Digital Economy Promotion Agency (DEPA) has also been actively promoting the creation of a digital ecosystem. In Singapore, this has been in the works for the past few years, and alongside regional counterparts Korea and Japan, the country has been actively making plans to deploy 5G technology for commercial and industrial use.
On average, it took government institutions almost 5 hours to mitigate an attack, a long time for government workers and staff attempting to access vital apps and services. Yet this may not be the most efficient way to combat future threats, especially as they appear to grow more dynamic in the face of change. A likely solution is purpose-built DNS security that incorporates auto-remediation capability, able to track and resolve errors in real time and so better support government operations teams.
A zero-trust approach helps safeguard digital products, users, and data, especially as governments shift quickly towards digital and online means of interacting with the public. This has become more relevant with the launch of public digital health products, banking and financial services, and especially contact tracing in the pandemic era.
DNS security remains particularly vital for government institutions, as it helps them hold public data without risking leakage to threat actors. Consequently, EfficientIP’s findings revealed that 25% of government institutions surveyed see analysis and monitoring of DNS traffic as a top priority for protecting data confidentiality, helping to fight ransomware. Of those surveyed, 27% have already run or piloted Zero Trust, four in five leverage DNS domain filtering, and 47% recognise the value of information on DNS security and so are sending it to SIEM solutions to simplify and accelerate threat remediation.
As we see heightened deployment of 5G for commercial purposes in the region, DNS security will be core to governments’ strategies for digital resilience in the new decade and beyond, as we move towards smart cities and digital government.