Public Administration

  • Summary

    By far the biggest threat in this industry is the social engineer. Actors who can craft a credible phishing email are absconding with Credentials at an alarming rate in this sector.


    3,236 incidents, 885 with confirmed data disclosure

    Top Patterns

    Social Engineering, Miscellaneous Errors, and System Intrusion represent 92% of breaches

    Threat Actors

    External (83%), Internal (17%) (breaches)

    Actor Motives

    Financial (96%), Espionage (4%) (breaches)

    Data Compromised

    Credentials (80%), Personal (18%), Other (6%), Medical (4%) (breaches)

    Top IG1 Protective Controls

    Security Awareness and Skills Training (14), Access Control Management (6), Account Management (5)

  • The Social Engineering pattern was responsible for over 69% of breaches in this vertical (Figure 116). Clearly, this industry is a favorite honey hole among the phishing fiends. The Social actions were almost exclusively Phishing with email as the vector (Figure 117). Pretexting was rarely leveraged at all, and why should they go to all the work of inventing a scenario when a straight-up phish gets the job done?

  • Figure 116
  • Figure 117
  • The Miscellaneous Errors pattern was a far distant second and consisted of Misconfiguration (although not usually found by security researchers—which was a surprise, as that is the most common pairing) and Misdelivery (Figure 118). Certainly, government entities are responsible for a lot of mass mailings, and paper documents were the second most common assets that were delivered to the wrong recipient, with good old-fashioned emails taking first place. 

    The System Intrusion pattern rounds out our top three and is a combination of Hacking and Malware actions. We found the Use of stolen credentials, followed by dropping Malware with either C2 or ransomware capabilities, to be the most common story in this pattern.

    The most frequently stolen data type is Credentials, which are then used to further the attacker’s presence in the victim’s network and systems (Figure 119). After Credentials, Personal information is the top data type compromised where breaches were confirmed in this sector.

  • Figure 118
  • Figure 119
