Public services facing cyber attacks

Paralyzed communities, blocked administrations, threatened hospitals, these headlines are unfortunately in the news.

Cyber attacks in the public sector have been endemic for the past few years, making it the ideal prey for cyber attackers.

Digitization and the Covid-19 pandemic have played a key role in this. A government agency (or public administration) is responsible for managing a large amount of confidential information, and this data is particularly exposed.

What is the state of digital security in this sector, what does it face, and how is TEHTRIS committed to protecting it? We will try to answer all these questions.

Le secteur public, très touché par les cyberattaques

What is the level of security in this area?

Cyber findings

The BDO Cyber Threat Insights – Q4 2018 report already announced that organization of vital importance around the world were at risk due to IT obsolescence. Legacy technology leaves gaping holes in IT security. If we add the staffing problems, partly linked to the retirement of its agents, all this does not help to envisage a serene environment.

For the last 3 years, campaigns of attacks against public services have become more and more frequent. You only have to look at the newspapers to discover that not a day goes by without a health institution, a city hall, a school, a local authority, having to deal with a cyber criminal action.

In the 2017 WannaCry attack, (according to a 2019 Verizon Data Breach Report), “public sector organizations were the number one target in 19 areas examined.” In the United States, entire cities were temporarily brought to their knees by attacks on government departments, ditto in Great Britain and France. Spain is no exception. The Spanish government has contained more than 600 attacks in 2021. Spain is the third country in the world to suffer the most cyber attacks. [1]

When the crime affects a hospital, it is an entire system that is impacted, (see our article: postponed operations, patient transfers, entire departments completely disorganized.

Faced with such an outburst, some organizations are helpless.

On the one hand, financially, millions of euros are at stake. Public sector information systems directors sometimes have to choose between modernizing and innovating without impacting budgets. Most French local authorities devote less than 10% of their budget to cybersecurity.[2] Local authorities cite a lack of resources, time, and the existence of “other priorities”.

In such a tense context, IT security is given priority, sometimes to the detriment of innovation.

Technically, on the other hand, some departments must renew their equipment and acquire robust technology.

Unavailability due to an attack targeting IoT or OT would have catastrophic effects. Each sector must ensure the continuity of public service. This was the case for hospitals in Dax, Oloron-Sainte-Marie, Villefranche-sur-Saône or Assistance Publique – Hôpitaux de Paris (AP-HP) that suffered cyber attacks in 2021. In March 2020, several Spanish hospitals were in turn affected.

Other examples are flourishing in Europe:

  1. On May 14, 2021, the HSE (the Department of Health network) was hit by a “Conti” ransomware attack in Ireland.
  2. In Germany, the number of successful cyberattacks against healthcare providers more than doubled in 2020 compared to 2019.
  3. In Spain, the healthcare sector has been and continues to be one of the most affected sectors. In 2020. More than 50,000 attacks against organizations were reported in the sector, of which 375 were successful.

The health sector is often mediatized and considered highly exposed, which is true but … no public service escapes the cyber risk.

When the crime affects public bodies, such as local authorities, town halls, this leads to data loss, costs in terms of restoring systems, costs related to the inactivity of staff who cannot continue their work and are out of work, etc. All this is detrimental not only to the community itself but also to the administrations, regions and users.

Unfortunately, most public organizations are not ready in terms of security.

According to a study by the French GIP Cybermalveillance published on May 17, 2022, 65% of municipalities with fewer than 3,500 inhabitants believe they are safe from cyberattacks. [3]

The example of cyberattack on the city of Marseille during the 2020 municipal elections; the DDOS attack, in December 2018, where cyber-militants targeted several institutional websites unfortunately proves it well.

The risk of devastating effects on services, but also the loss of public confidence, the non-compliance with regulations (The Network and Information System Security (NIS) Directive), encourage the development of security programs.

The digital transformation in this sector is colossal, it still requires upgrades, and above all, it has widened the attack surface into which cybercriminals are rushing.

New methods, new tools, new protection processes must be put in place. The adventure begins and is far from over!

Nature of the attacks

The nature of the attacks is changing due to the protection of organizations.

Thus, they can come from extremely basic vectors that still work, such as an infected USB key (52% use unapproved devices for work[4]), a phishing email, a zero-day vulnerability (, data theft (48% of public sector players surveyed said they had suffered a cyber attack or data theft. ) combined with doxing, or DDOS attacks as we have just seen.

It is also worth noting that one of the most common vulnerabilities in this sector is the fact that “nearly half of the elected officials surveyed use their personal tools for both municipal and extra-municipal purposes”.

At the European level, the latest Deloitte report, in 2021, states that 94% of Spanish companies have suffered at least one serious cybersecurity incident. A study by Checkpoint confirms these figures and announces an average of 1,040 cyberattacks per week per organization, an increase of 79% compared to 2020. Education and research are the most affected sectors.

[5] Report “Public Sector IT in 2022: Coping with Shadow IT in a Hybrid World” by NinjaOne.2022

The need of public agencies

The public sector, like the private sector, is concerned by digital risks, but it has specific security needs. Digitalization has created new IT environments that increase threats and create new challenges. Here are some of them :

Growth of Digital Services

The public sector has embarked on an essential digital transformation, accelerated by recent events (pandemic, Ukrainian crisis…). The watchword is resilience, and that means:

  • Considering data protection requirements
  • Applying of specific regulations
  • Involving agents in security
  • Imposing rules on service providers
  • Support and assistance

For this, they must choose specialized service providers who understand the specificities of this sector and who must be integrated.  It is also necessary to remember that the structures are very diversified, we notice heterogeneity in terms of:

  • Computer equipment, medical, software, information systems … We have in any country, large administrations with hundreds of thousands of civil servants and next to very small municipalities.

For example, the education system involves both students and teachers, on different IOT systems, which explains why the National Education and Higher Education have specific needs in terms of cybersecurity. 

  • Diversity of personnel, professions, organizations, processes.
  • Better visibility on a large attack surface (IOT and OT protection), and skills to cover all these assets.
  • Catching up with the technology gap

Move to the cloud

39% of public organizations globally have adopted the cloud as their primary IT operating model. [6]

Cloud deployment and planning: “cloud-centric” is also on the list of challenges that this sector will have to lead.

  • The public sector has made this choice for budgetary reasons by allowing multiple vendors, thus avoiding dependence on a single cloud provider; but also, to facilitate customization.
  • The other advantage of moving to the cloud for this sector is the mobility of applications.
  • Finally it also allows governments to obtain more flexibility.


To benefit from financing, this sector must define its cybersecurity needs when placing public orders.

  • The pandemic has forced this sector to invest in security: 50% based on AI, 40% on upgrading existing IT infrastructure.
  • The strategic imperatives remain: the issue of data storage, the implementation of 5G to maintain a competitive level.

Solutions for government agencies and data security

A private-public partnership

The public sector will have a hard time recruiting cyber talent. This sector is already experiencing a severe shortage, so the solution is to leverage specialized companies like TEHTRIS. The public and private sectors are working together to strengthen cybersecurity. It is by pooling our resources and adding automatized to incidents that we learn from each other and fight attackers better. TEHTRIS understands this and has been trusted by the public sector for several years now.

One example is the collaboration between the police and the private sector. The police authorities have the possibility and the capacity to arrest cybercriminals, to seize their material, to destroy their infrastructures; while the private sector will be able to contribute to the building by anticipating, analyzing the techniques of attacks of the cybercriminals, by bringing information on the data flows and on the threats.

The Cyber Campus is proof that attitudes are changing: many operators of vital importance and operators of essential services are present in this ecosystem, to share information on threats and understand their evolution. Many private companies are present on the site, such as TEHTRIS. Numeum’s cybersecurity commission is also working in this direction.

Data confidentiality

The other concern of the public sector is data privacy. Private and public actors must be independent. We need to strengthen our economic and digital sovereignty.

Given the value of data, it is imperative to be assured that it does not get lost in the wild or get into the wrong hands. Where is the data stored? Who has access to it? Is it secure? TEHTRIS offers a sovereign solution. Our sovereign XDR, developed and hosted in France and in Europe, can be interfaced with your cybersecurity solutions and improve their performance (Open XDR). TEHTRIS XDR operates 24/7 and is labeled “Used by the French Armed Forces”.

Other initiatives are emerging such as TeleTrusT-Initiative “IT Security made in EU” as well as Cybersecurity made in Europe, via our partner ECSO.

Moreover, choosing TEHTRIS means having local teams able to support you operationally and on demand in R&D. It is more productive to have local teams than teams thousands of miles away.

A financial boost

In France, the state is committed and takes the measure of the emergency, as proof of the project France relance, which intends to release 136 million euros, the site of the ANSSI details the plan here:

You can find on the government website the details of the amounts that constitute the national cyber strategy:

This plan is aimed at small and medium-sized organizations, public and private bodies, and communities.

There are two formulas, one is for “co-financing projects and cyber paths for existing information systems”; the other is for the creation of an incubation plan for the regional CSIRT.[7]

In Spain, the Government has announced a new measure via the creation of a Cybersecurity Operational Center (COCS) to reduce the number of cyber attacks. This center aims to help the General Administration of the State (AGE) and its public bodies. This initiative is complemented by the Shock Plan, which includes measures such as protection against malicious code, the extension of cyber threat detection services on user equipment and the implementation of remote access monitoring.


43% of public sector respondents say they are “not at all informed” about cyber risk.[8]

It is essential to combine a whole technical arsenal with awareness of the right digital reflexes. Even if local elected officials are now fully aware of the cyber risk, it is important to continue training plans and simulations for this population. It is crucial to understand both internal and external threats.

The website offers different awareness and training actions, through videos, campaigns, and supports.

France is ranked 12th in cybersecurity awareness, among the 28 countries in the European Union. [9]

Many public organizations help to accompany this awareness, we have cited the ANSSI but the EC3 also fights against cyber crime, ENISA The European Cybersecurity Agency deals with the expertise of computer security at the European level. In France, the CERT-FR, the governmental center for monitoring, alert and response to computer attacks, processes alerts and reacts to computer attacks.

A robust and adapted technology

The attack surface of a public organization is becoming larger, more complex, and more difficult to defend. Maintaining visibility into these IT assets can be arduous. Critical infrastructure, assets and data, the cloud, IoT… must be secured.

Strong policies and frameworks are a building block for creating more secure environments. Modernizing IT platforms is a priority. Security teams need better collaborative tools to defend against future cyberattacks. It is imperative to combat these cyber attacks via powerful tools. Cyber protection is a key issue for public actors.

We help government agencies, regions, utilities, and municipalities to protect their information systems. Depending on the IT, IOT or OT systems we need to protect, TEHTRIS offers its EDR, Mobile Threat Defense, SIEM and Deceptive Response . A key differentiator of TEHTIRS is also its compatibility to legacy versions of Windows, Linux and Mac which proves to be of utmost importance for public administrations.

It is critical for public sector organizations to reduce the time between compromise and detection by ensuring that attacks are identified as early as possible. TEHTRIS’ XDR solutions are hyper-automated and respond in real time. This agility is a real plus to secure your perimeter.

Our team of specialists is available to support you.

[1] Joint Cyberspace Command (JCSC).

[2] Fortinet 2022 Analysis


[4] Report “Public Sector IT in 2022: Coping with Shadow IT in a Hybrid World” by NinjaOne.2022


[6] Regional Cyber Incident Response Centers

[7] Study conducted by Infopro.2021

[8] BDO Cyber ​​Threat Insights – Q4 2018