Knowledge base Updated: February 5, 2026

Cyber security in public administration: How to protect citizens' data and digital services?

From e-journals in schools to citizen service systems in municipalities to the state's central databases, public administrations process our most valuable data. Citizens' trust in the digital state depends on its ability to protect them. In the face of limited budgets and immense pressure, how do we

The digital transformation of the public sector in Poland has gained unprecedented momentum in recent years. E-services, platforms such as ePUAP, digital documents or electronic systems in local governments have become an everyday reality that makes life easier for millions of citizens. This revolution has made public administration - both at the central and local levels - the guardian of our most sensitive digital data. From PESEL numbers and medical data, to property information, to our children’s data in education systems - all of this is now processed and stored in the IT systems of government offices.

This huge concentration of valuable data, combined with the critical role these systems play in the functioning of the state, makes the public sector one of the most attractive targets for a wide range of cybercriminals. These range from ransomware groups, for whom paralyzing an office is an easy way to extort a ransom, to foreign-sponsored APT groups, for whom stealing citizens’ data is an espionage objective. At the same time, the sector faces formidable challenges: limited budgets, a shortage of specialists and pressure from stringent regulations. Ensuring cyber security in government today is a fundamental issue for citizens’ trust in the state.

Why has the public sector become one of the main targets of cyberattacks?

The attractiveness of the public sector in the eyes of attackers is due to a unique combination of factors that make it both a “valuable” and often “easy” target.

Concentration of sensitive data: No other industry collects such a wide and complete spectrum of data on citizens. Access to central government records (like PESEL) or local resident databases is a veritable goldmine for criminals and foreign intelligence, enabling identity theft, fraud and espionage operations on a massive scale.

Criticality of services: Paralysis of key public systems - whether at the municipal level (inability to issue documents) or the national level (failure of the healthcare system) - has an immediate, severe and widely visible impact on the public. This makes government offices an ideal target for ransomware attacks and destabilization operations, as the pressure to quickly restore operations is immense.

Limited resources and organizational challenges: It’s no secret that many public entities, especially at the local government level, face chronic underfunding in the IT and cybersecurity area. Difficulties in competing in the labor market for specialists, complex and slow tendering procedures and often outdated infrastructure mean that security levels are sometimes lower than in the commercial sector.

What are the biggest and most unique cyber security challenges for government offices and local governments?

In addition to general threats, the public sector faces specific challenges that further complicate building an effective defense.

Strict legal framework: Public administration must operate within a strict legal framework. On the one hand is RODO (the Polish name for the GDPR), which imposes the highest standards on the protection of personal data. On the other is the National Cyber Security System (NSC) Law implementing the NIS2 Directive, which classifies many public entities as key service operators and imposes a number of stringent risk management, incident response and reporting obligations.

A complex and dispersed ecosystem: The public sector is not a monolith. It is a vast network of interconnected but often independently managed entities - ministries, provincial offices, counties, municipalities, as well as subordinate units such as schools and hospitals. Ensuring a consistent level of security in such a dispersed and diverse structure is a huge challenge.

Technology debt and legacy systems: Many key systems in government were built many years ago and rely on outdated technologies that are extremely difficult and expensive to upgrade or replace. Maintaining the security of such “legacy” systems requires specialized expertise.

Key cyber security challenges in the public sector

| Challenge | Description | Key answer/regulation |
| --- | --- | --- |
| Legal requirements | Strict and mandatory legal frameworks (KSC/NIS2, RODO, KRI), failure to comply with which risks liability. | Implementation of formal Security Management Systems (SMS), regular audits, cooperation with CSIRT. |
| Sensitive citizen data | Huge, centralized collections of the most valuable personal data, a prime target for attacks. | Strict access control, encryption, pseudonymization, implementation of DLP policies, compliance with RODO. |
| Limited resources | Chronic underfunding, difficulty in attracting and retaining IT and security professionals. | Prioritize investments, focus on foundations, consider cost-effective outsourcing models (e.g., vCISO, MDR). |
| Complex supply chain (tenders) | Security is often overlooked as a criterion in public tenders, and systems are implemented by a wide variety of vendors. | Include security requirements in the Terms of Reference (ToR), implement a supplier risk assessment process. |

What key responsibilities does the new NSC law (NIS2) impose on the public administration?

The amendment to the National Cyber Security System Act, implementing the NIS2 Directive, is a real milestone for the public sector. It classifies public administrations at the central, regional and local levels as key entities, which imposes on them the full spectrum of obligations under this regulation.

Among the most important, legally enforceable obligations are:

  • Implementing a Security Management System: The entity must have a formal, risk-based system that covers at least 10 areas, including security policies, incident management, business continuity, supply chain security and the use of cryptography.

  • Management responsibility: Unit managers (directors, mayors) become personally responsible for approving policies and overseeing their implementation, and must undergo mandatory training.

  • Rigorous incident reporting: Obligation to report major incidents to the relevant CSIRT within 24 hours (initial warning) and 72 hours (full report).

  • Risk management in the supply chain: The need to assess and manage risks associated with software and IT service providers.

The law ends the era of voluntarism and introduces hard, measurable and auditable requirements for the entire public sector.

What are the best practices for protecting e-journal and other key school systems?

IT systems in education, such as e-journals, have become critical infrastructure for the operation of any school, and at the same time one of the most sensitive points. Their compromise means not only operational paralysis, but also the potential leakage of huge amounts of sensitive data on children.

Protecting these systems requires a multi-layered approach:

  • Strong authentication: It is imperative to enforce the use of multi-factor authentication (MFA) for all users with elevated privileges - teachers, educators and administrators.

  • The principle of least privilege: Each user should have access only to the data and functions he or she needs. A math teacher should not have access to behavior notes or medical data of students from other classes.

  • Supplier security: The school, as the data controller, is responsible for selecting an e-journal provider that itself applies the highest security standards. It is important to verify that the provider has the appropriate certifications, how it secures its infrastructure, and the provisions in the data processing entrustment agreement.

  • User training: Teachers and staff must be trained regularly to recognize phishing and manage their credentials securely.
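The first two practices above, shown as a deny-by-default authorization check. This is an added example, not code from nFlo or from any e-journal product; the role names, record categories and policy table are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy (assumption, not from any real e-journal product):
# role -> {record category: scope}. Anything not listed is denied.
POLICY = {
    "subject_teacher": {"grades": "own_classes", "attendance": "own_classes"},
    "homeroom_teacher": {"grades": "own_classes", "attendance": "own_classes",
                         "behavior_notes": "own_classes",
                         "medical": "own_classes"},
    "administrator": {"accounts": "any_class"},
}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    classes: frozenset = frozenset()   # classes the user is assigned to
    mfa_verified: bool = False         # set by the login flow after a second factor

def authorize(user, category, student_class):
    """Return (allowed, reason); every path that is not an explicit grant denies."""
    scope = POLICY.get(user.role, {}).get(category)
    if scope is None:
        return False, "category_not_granted"
    if not user.mfa_verified:          # all roles in POLICY are elevated
        return False, "mfa_required"
    if scope == "own_classes" and student_class not in user.classes:
        return False, "class_not_assigned"
    return True, "ok"

def denied_requests(requests):
    """Collect denials for review; repeated denials on one account merit a look."""
    out = []
    for user, category, student_class in requests:
        allowed, reason = authorize(user, category, student_class)
        if not allowed:
            out.append((user.name, category, student_class, reason))
    return out

# Constructed sample users and requests.
MATH = User("math_teacher", "subject_teacher", frozenset({"7A"}), mfa_verified=True)
TUTOR = User("homeroom_7b", "homeroom_teacher", frozenset({"7B"}), mfa_verified=True)
NO_MFA = User("teacher_no_mfa", "subject_teacher", frozenset({"7A"}))
REQUESTS = [(MATH, "grades", "7A"), (MATH, "behavior_notes", "7B"),
            (MATH, "medical", "7B"), (MATH, "grades", "7B"),
            (TUTOR, "medical", "7B"), (NO_MFA, "grades", "7A")]

if __name__ == "__main__":
    for row in denied_requests(REQUESTS):
        print(row)
```

The math teacher can read grades for class 7A but is refused behavior notes and medical data for 7B, and a correctly scoped account without a verified second factor is refused as well.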

Why is building awareness among officials the foundation of security in the public sector?

In an environment where high-tech budgets are often limited and employee turnover can be high, the most effective and cost-efficient investment is to build awareness and vigilance among officials themselves. They are the ones on the front lines, handling hundreds of emails and documents a day, and they are the ones who most often become the target of phishing attacks that open the door to the entire office network.

A strong security culture in which every employee feels a shared responsibility to protect data is more powerful than any firewall. To build it, an awareness-building program must be:

  • Continuous and regular: Instead of one-time, annual training, use short, recurring forms of education.

  • Practical and engaging: Instead of theoretical lectures, use realistic phishing simulations that teach threat recognition in a safe way.

  • Supported from the top: Office management must actively promote and participate in the program, showing that security is a priority for all.

  • Positive: Create a culture where employees are not afraid to report suspicious messages and incidents, and where their vigilance is rewarded rather than punished.

How does nFlo support public administrations and local governments in meeting requirements and building security?

At nFlo, we have many years of extensive experience working with the public sector. We understand its unique characteristics, budgetary challenges and stringent regulatory environment. Our portfolio of services is precisely tailored to the needs of government offices and local governments, helping them build cyber resilience in a pragmatic and cost-effective manner.

Our key service for this sector is compliance audits for the NSC Act (NIS2) and the National Interoperability Framework (KRI). Our certified auditors conduct a comprehensive gap analysis, creating a clear and prioritized roadmap for the entity’s management on the actions to be taken to comply with the regulatory requirements.

We actively support the implementation of these activities. We help develop and implement Security Management Systems, create Business Continuity Plans (BCP) and Incident Response (IR) plans. We specialize in penetration testing of e-service systems, verifying their technical resilience. Most importantly, we offer cost-effective and scalable outsourcing models, such as the vCISO (Virtual CISO) service.
