Growing threat: cyberattacks on local authorities and public agencies

The digitisation of public services is expanding, and so is the attack surface for cybercrime. A lack of resources and limited risk awareness hinders the protection of local IT systems.

Growing threat: cyberattacks on local authorities and public agencies

The latest report on the state of IT security in Germany by the Federal Office for Information Security (BSI) paints a troubling picture: cybercriminals are increasingly targeting local authorities. The reason? Public agencies often have insufficiently protected IT systems. This makes municipalities attractive targets for cybercriminals. Such attacks not only jeopardise the functionality of public services but also undermine citizens' trust in digital administration.

Municipalities in the crosshairs of cybercrime

Whether through targeted ransomware attacks or phishing campaigns, assaults on public agencies and municipal IT service providers are steadily increasing. As the digitisation of public services grows, so does the attack surface. Cybercriminals exploit vulnerabilities in IT infrastructure to steal data, block systems, or demand ransoms. Small to medium-sized municipalities are particularly at risk, as they often lack the resources needed to combat this growing threat.

Challenge: resource shortages

Many public agencies recognise the need for action, yet they often lack the resources to close all security gaps. Alongside technical deficits, organisational challenges also play a significant role. Projects to enhance IT security are frequently delayed or perceived as overly complex, giving cybercriminals an easy opportunity to strike.

The most common challenges include:

  • Resource shortages: Insufficient time, budgets, and IT professionals to implement comprehensive security measures such as encryption solutions.

  • Lack of risk awareness: Decision-makers often underestimate the danger of cyberattacks or fail to recognise legal requirements.

  • Complexity of solutions: Security measures are seen as too complicated or inaccessible, reducing their adoption in daily operations.

Long-term consequences

Attacks on public agencies are no abstract threat; their consequences are real and often severe. System outages can paralyse entire administrations, while the loss of sensitive data can have devastating impacts on both citizens and agencies. The key risks include:

  • Data leaks and manipulation: Sensitive information may be intercepted or altered.

  • Identity theft: Personal data from citizens can be misused by criminals.

  • Reputation damage: Data breaches erode trust between agencies and the public.

  • Compliance violations: Inadequate data protection can lead to legal repercussions.

One particularly concerning aspect is the loss of public trust. When agencies experience data breaches or fail to respond quickly to IT outages, citizens are left with a sense of insecurity—another obstacle to the already slow pace of digitisation.

The path to greater security: solutions for resilient public agencies

Faced with these threats, public agencies need a clear plan to enhance their IT security while maintaining operational capability. The good news: there are proven measures that can be implemented immediately without overly disrupting internal workflows. These solutions have demonstrated their effectiveness:

  • Simple and user-friendly encryption: Security solutions must be intuitive, avoiding complicated configurations and certificate exchanges.

  • Ensuring compliance: Agencies should use legal frameworks such as GDPR, IT-SiG 2.0, and OZG 2.0 as a basis for IT security strategies.

  • Alternative communication channels: Browser-based platforms provide secure, redundant communication infrastructure, even during IT outages.

  • Training: Regular training ensures employees can effectively use security solutions.

  • Emergency plans: Resilient communication concepts and incident response teams maintain functionality even during an attack.

Each of these measures not only improves security but also strengthens administrative resilience. It's especially crucial to choose solutions that are easily accessible to all employees, ensuring smooth implementation.

Building trust through resilience

The growing number of attacks on municipalities underscores that IT security in public agencies is more than just a technical issue. It directly affects the functionality of public services and citizens' trust in their administration. Agencies that invest now in secure and resilient IT infrastructures not only lay the groundwork for protecting sensitive data but also bolster the overall process of digitisation. The BSI’s latest report is a clear warning that all stakeholders in public administration must take seriously.

Image: Aleksandr Lupin/shutterstock.com