Cybersecurity for Governments | Hunt & Hackett

With the seismic shifts in the geopolitical landscape, Hunt & Hackett has observed a notable increase in the activity of Advanced Persistent Threat (APT) groups targeting the public sector. In recent years, these developments have created a more complex and dynamic threat landscape, where state and non-state actors are increasingly intertwined, consolidating their activities and tactics to undermine the performance of governmental organizations. This trend has also been highlighted by leading security and intelligence agencies in the Netherlands, including the NCSC, AIVD, and MIVD. Erik Akerboom, head of the AIVD, recently emphasized that “criminal actors often overlap with state actors” and that cyber threats to Dutch organizations are on the rise.

Since the Netherlands is known for its highly digitalized society and fulfills, after Germany, the role as the second largest European importer and distributor of goods, it is has become an appealing target for threat actors seeking to digitally paralyze public institutions and steal or leak confidential data.

How can you address this growing threat?

There is this legendary saying on how to overcome your adversaries: “know thy enemy and know thyself; in a hundred battles, you will never be defeated.” Knowing your enemy starts with gaining an understanding of your specific threat landscape, your adversaries’ intentions, their modus operandi, and specific attacking methods. The following sections provide a glimpse of the (central) government specific threat landscape, highlighting trends, upcoming challenges and obstacles, followed up by the Hunt & Hackett approach on how to become more resilient.

	Governments	Governments + related	All known
APTs	496	515	801
TTPs	3,421	3,554	4,112
Attack tools	3,125	3,208	3,666

Over the last three years, the Dutch General Intelligence and Security Service (AIVD) has observed a steep growth in the number of countries who have developed offensive cyber programs. Although these programs aren’t as advanced as, for example, the Chinese, Russian, Iranian or North-Korean approaches, the fact that more and more state actors are taking concrete steps towards an offense attitude means that the Dutch public sector is facing digital challenges on a new scale. Even allies are known to engage in espionage against Western nations, with government institutions often being a primary target.

Besides motivations driven by information theft or espionage, Dutch governmental organizations are becoming a target of APTs motivated by hacktivism which is the use of hacking techniques to promote political, social or ideological causes. The national position of the Dutch government in, for example, the Russia-Ukraine war or the situation in Gaza, could be used as a justification for APTs to disrupt the digital infrastructure of public institutions. Hunt & Hackett’s Threat Diagnostic System helps public and semi-public organizations to gain a deeper understanding of who, how and why their organizations are being targeted, as well as on how to address these threats.

In their fight against cyber attacks, our customers typically go through several stages of maturity. By ramping up their prevention, detection and incident readiness over time – and optimizing this for their actual threat landscape – they reach a point where they have developed solid resilience against targeted attacks, with only highly controlled and accepted risks remaining.

There is no simple 'fix' to become resilient against the sophisticated cyber threats of today. Without serious resources or processes for systematic security activities, protection against modern cyber threats like ransomware is just a wish. Hunt & Hackett has developed a unique threat- and sector-driven approach to cybersecurity, enabling you to work from your current situation to a highly improved and controlled situation, optimized for your specific threat landscape and context as an organisation.

Schietschijven1

STAGE 1: Unknown risk
Pre-monitoring
-

Preventitive controls

Limited resilience

Schietschijven2-1

STAGE 2: Reduced risk
Post-monitoring
-

Preventitive CIS controls (IG1)

Detection & response controls

Resilience against non-targeted attacks

Schietschijven3

STAGE 3: Controlled risk
Implemented roadmap
-

Alignment between preventitive, detection & response CIS controls (IG2)

Resilience against non-targeted and semi-targeted attacks

Schietschijven4

STAGE 4: Highly controlled risk
Targeted attack resilience
-

Full redundancy between preventitve, detection & response CIS controls (IG3)

Resilience against against advanced targeted attacks