Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.

GoBruteforcer Botnet Targets 50K-plus Linux Servers

Instagram users received emails last week about purported password reset attempts. At the same time, Instagram data appeared on the dark web.

Last week, many Instagram users began receiving unsolicited emails from the platform that warned about a password reset request.

The message said:

> “Hi {username},  
> We got a request to reset your Instagram password.  
> If you ignore this message, your password will not be changed. If you didn’t request a password reset, let us know.”

Around the same time that users began receiving these emails, a cybercriminal using the handle “Solonik” offered data that alleged contains information about 17 million Instagram users for sale on a Dark Web forum.

These 17 million or so records include:

*   Usernames
*   Full names
*   User IDs
*   Email addresses
*   Phone numbers
*   Countries
*   Partial locations

Please note that there are no passwords listed in the data.

Despite the timing of the two events, Instagram denied this weekend that these events are related. On the platform X, the company stated they fixed an issue that allowed an external party to request password reset emails for “some people.”

So, what’s happening?

Regarding the data found on the dark web last week, Shahak Shalev, global head of scam and AI research at Malwarebytes, shared that “there are some indications that the Instagram data dump includes data from other, older, alleged Instagram breaches, and is a sort of compilation.” As Shalev’s team investigates the data, he also said that the earliest password reset requests reported by users came days _before_ the data was first posted on the dark web, which might mean that “the data may have been circulating in more private groups before being made public.”

However, another possibility, Shalev said, is that “another vulnerability/data leak was happening as some bad actor tried spraying for \[Instagram\] accounts. Instagram’s announcement seems to reference that spraying. Besides the suspicious timing, there’s no clear connection between the two at this time.”

But, importantly, scammers will not care whether these incidents are related or not. They will try to take advantage of the situation by sending out fake emails.

“We felt it was important to alert people about the data availability so that everyone could reset their passwords, directly from the app, and be on alert for other phishing communications,” Shalev said.

If and when we find out more, we’ll keep you posted, so stay tuned.

**How to stay safe**

If you have enabled 2FA on your Instagram account, we think it is indeed safe to ignore the emails, as proposed by Meta.

Should you want to err on the safe side and decide to change your password, make sure to do so in the app and not click any links in the email, to avoid the risk that you have received a fake email. Or you might end up providing scammers with your password.

Another thing to keep in mind is that these are Meta-data. Which means some users may have reused or linked them to their Facebook or WhatsApp accounts. So, as a precaution, you can check recent logins and active sessions on Instagram, WhatsApp, and Facebook, and log out from any devices or locations you do not recognize.

If you want to find out whether your data was included in an Instagram data breach, or any other for that matter, try our free Digital Footprint scan.

**About the author**

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

 Received an Instagram password reset email? Here’s what you need to know 

No matter what new laws or regulations make the cut for 2026, it's clear that compliance challenges will persist and federal legislation will be limited.

Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult

A state-sponsored threat group tracked as "Kimsuky" sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions.

FBI Flags Quishing Attacks From North Korean APT

Hexnode Moves into Endpoint Security With Hexnode XDR

The fundraiser for the ICE agent in the Renee Good killing has stayed online in seeming breach of GoFundMe’s own terms of service, prompting questions about selective enforcement.

The crowdfunding platform GoFundMe is allowing a fundraising campaign tied to the potential legal defense of an Immigration and Customs Enforcement (ICE) agent who fatally shot a civilian to remain online, despite company rules barring fundraisers connected to violent crimes and past enforcement actions against similar campaigns.

The fundraiser, titled “ICE OFFICER Jonathan Ross,” seeks at least $550,000 to support potential legal expenses for the ICE agent identified as having shot and killed Renee Nicole Good, a mother of three and widow of a military veteran, during an encounter with immigration agents in Minneapolis.

The officer was first identified as Jonathan Ross, 43, by the Minnesota Star Tribune.

The GoFundMe campaign’s stated purpose—raising money for legal services following a killing—directly conflicts with GoFundMe’s terms of service, which specifically bars fundraisers that are intended to support the legal defense of people accused of financial or violent crimes.

GoFundMe has not publicly explained why the Ross fundraiser remains active despite its terms of service stating users agree not to “use the Service or Platform to raise funds” for the “the legal defense of financial and violent crimes, including those related to money laundering, murder, robbery, assault, battery, sex crimes or crimes against minors.”

Ross has not been formally charged with any crime. The shooting is being investigated exclusively by the FBI after federal authorities effectively blocked Minnesota investigators from participating, prompting the state attorney general and Hennepin County attorney to launch a parallel effort to collect evidence independently.

In an email, a GoFundMe spokesperson told WIRED on Sunday night that it was in the process of reviewing all fundraisers tied to the shooting. “During the review process, all funds remain safely held by our payment processors,” the spokesperson said. “GoFundMe’s Terms of Service prohibit fundraisers that raise money for the legal defense of anyone formally charged with a violent crime. Any campaigns that violate this policy will be removed.”

The company added that it was working directly with the organizer of the Ross fundraiser to “gather additional information.” The organizer is identified on the site as Clyde Emmons of Mount Forest, Michigan. WIRED could not immediately reach Emmons or confirm his identity.

On Sunday night, Emmons’ fundraiser stated that “funds will go to help pay for any legal services this officer needs.” That language was removed after WIRED’s inquiry and replaced by Monday morning with the phrase, “Funds will go to help him.”

GoFundMe did not respond to multiple follow up requests for comment, including questions as to whether it had advised the organizer to change the description to better comport with its rules.

Despite the changes, several slides in a carousel at the top of the Ross fundraising page—which remain active at time of writing—make the purpose of the fundraising explicitly clear: “Give to cover Jonathan’s legal defense” and “Officer Jonathan Ross’s legal defense fund pays attorney fees and court costs.”

GoFundMe’s inaction contrasts with its handling of earlier cases involving law enforcement officers and civilians killed during encounters with police.

In 2015, GoFundMe removed a Baltimore City Fraternal Order of Police fundraiser for Baltimore police officers charged in the death of Freddie Gray, citing violations of its rules against supporting legal defenses in violent cases. That same year, the platform removed a campaign for a South Carolina officer charged in the fatal shooting of Walter Scott.

Said a company spokeswoman at the time of the Gray fundraiser: “GoFundMe cannot be used to benefit those who are charged with serious violations of the law. The campaign clearly stated that the money raised would be used to assist the officers with their legal fees, which is a direct violation of GoFundMe’s terms."

Good, 37, was gunned down during a January 7 encounter with ICE agents in Minneapolis. Video recorded by bystanders shows Good in a dark red SUV reversing as masked agents approach. One agent, identified in the press as Ross, is shown circling the vehicle with his cell phone raised, then stepping into position almost directly in front of the idling SUV before firing as it moves past him.

The video evidence sharply conflicts with public accounts offered by senior Trump administration officials, including DHS statements describing Good as a “domestic terrorist” who “weaponized” her vehicle, as well as President Donald Trump’s claim that “she ran him over.”

State officials said over the weekend that the Minnesota Bureau of Criminal Apprehension had been cut off from the crime scene and no longer had access to key evidence, including Good’s vehicle and witness interviews. Local prosecutors claimed that without access to the FBI’s case file, it may be impossible for the state to assess whether charges are warranted, even though the shooting is well documented, occurred in Hennepin County, and involves a Minnesota resident.

A separate fundraiser for Good’s widow and family has currently raised more than $1.5 million.

GoFundMe Ignores Own Rules by Hosting a Legal-Defense Fund for the ICE Agent Who Killed Renee Good

Secure container images are now essential for modern apps. These five options help teams reduce risk, cut patching effort, and improve long-term security.

Modern applications are built on containers, but their security posture is largely inherited from them. Long before application code runs, choices made at the container image level determine which vulnerabilities are embedded, which risks remain undetected, and how much remediation work is required with every release.

By 2026, secure container images will no longer be a niche concern. They are a prerequisite for maintaining velocity without accumulating unmanageable security debt. Teams are increasingly selective about what they inherit, how images are maintained, and whether vulnerabilities are prevented or merely detected.

****At a Glance: The 7 Best Container Image Security Tools for 2026****

1.  **Echo** – Rebuilds base images to remove CVEs before they enter the supply chain  
    
2.  **Sysdig** – Helps teams decide which image vulnerabilities actually matter in production  
    
3.  **Aqua Security** – Enforces image security standards across CI/CD pipelines at scale  
    
4.  **JFrog Xray** – Exposes vulnerable components and dependency risk inside container images  
    
5.  **Palo Alto Prisma Cloud** – Centralizes policy and compliance controls for container images  
    
6.  **Orca Security** – Prioritizes image risk based on cloud exposure, not raw CVE counts  
    
7.  **ARMO** – Links image vulnerabilities to Kubernetes posture and misconfigurations

****What Makes a Container Image “Secure” in 2026****

Security at the image level is no longer defined solely by scan results. Most modern images will _pass_ a scan at some point. The real differentiator is how quickly risk returns, and how much effort is required to keep it under control.

A secure container image in 2026 typically demonstrates four characteristics:

*   Minimal inherited attack surface
*   Clear ownership and maintenance model
*   Predictable lifecycle and update cadence
*   Low reintroduction of known vulnerabilities over time

Images that fail on these dimensions tend to look secure briefly, then degrade rapidly as new CVEs emerge.

****The Best Secure Container Images for Modern Applications********1\. Echo****

Echo represents a shift from _hardening_ images to preventing vulnerabilities from entering them at all. Echo is best suited for organizations that want to reduce long-term security effort, not just improve visibility.

Rather than starting with a general-purpose distribution and patching it, Echo rebuilds container base images from scratch – removing unnecessary components, while maintaining full functionality. The resulting images are delivered as CVE-free drop-in replacements for common base images and runtimes.

What makes Echo particularly effective for modern applications is not just the clean starting point, but continuous maintenance. Autonomous systems monitor new vulnerability disclosures, apply fixes, and reissue images before CVEs accumulate downstream.

****Benefits:****

*   Images start with zero known CVEs
*   Vulnerabilities are prevented, not managed
*   Compatible with existing CI/CD workflows
*   Security posture does not degrade between releases

****2\. Google Distroless****

Google Distroless images are designed around a simple idea: if something is not required to run the application, it should not be in the image.

By removing shells, package managers, and debugging utilities, Distroless drastically reduces the attack surface. This makes it a strong choice for production workloads where immutability and predictability matter more than convenience.

Distroless images enforce discipline. Debugging must occur externally, and build pipelines must be well-defined. For teams that have reached this level of maturity, the security benefits are substantial.

****Benefits:****

*   Minimal runtime exposure
*   Strong alignment with zero-trust principles
*   Reduced exploit paths

****3\. Alpine Linux****

Alpine Linux remains one of the most widely used minimal base images. Its small footprint reduces image size and limits default package inclusion, which helps control the attack surface.

However, Alpine’s fast release cadence and reliance on musl libc introduce frequent vulnerability disclosures and occasional compatibility challenges. While patches are typically released quickly, the maintenance burden is higher than many teams expect.

Alpine is secure by _reduction_, not by prevention.

****Benefits:****

*   Performance-sensitive workloads
*   Teams are comfortable with frequent rebuilds
*   Environments where size matters more than stability

****4\. Ubuntu Container Images****

Ubuntu Container Images prioritize stability, predictability, and ecosystem compatibility. Maintained by Canonical, they offer long-term support releases and a familiar operating model.

Security in Ubuntu images comes from responsiveness, not minimalism. Vulnerabilities are patched quickly, but the images include a broad set of packages by default, which increases inherited risk.

Ubuntu images are often chosen when development velocity and compatibility outweigh aggressive hardening.

****Benefits:****

*   Teams standardizing on Ubuntu across environments
*   Long-lived applications
*   Broad third-party dependency requirements

****5\. Red Hat Universal Base Images****

Red Hat Universal Base Images (UBI) are commonly used in enterprise environments that require formal support models and certified distributions, particularly where compliance requirements influence base image selection.

UBI images trade minimalism for governance. They integrate tightly with Red Hat’s ecosystem and offer predictable lifecycle management, which is essential in regulated industries.

From a security perspective, UBI emphasizes control and auditability rather than vulnerability elimination.

****Benefits:****

*   Regulated industries
*   Compliance-driven environments
*   Organizations standardizing on Red Hat

****Why Secure Images Matter More Than Secure Code****

Application teams can patch code quickly. Images are different.

Base images are often:

*   Rebuilt infrequently
*   Shared across many services
*   Trusted implicitly once approved
*   Maintained by platform teams rather than app teams

This makes the image layer one of the most effective places to either eliminate risk or unknowingly multiply it.

Organizations that invest in secure image foundations consistently report fewer emergency rebuilds, fewer security exceptions, and smoother compliance reviews.

****How Teams Choose Secure Images in Practice****

Most organizations do not select secure images solely based on scan scores. The decision usually comes down to:

*   Whether vulnerabilities accumulate over time
*   Who is responsible for maintaining the image
*   How well the image aligns with existing workflows
*   How much ongoing remediation work does the image creates

Images that reduce long-term effort tend to outperform those that simply look secure at a single point in time.

The most effective teams choose image foundations that minimize inherited risk, clarify ownership, and reduce recurring security work. In that context, secure images are no longer a tactical choice; they are a strategic one.

5 Best Secure Container Images for Modern Applications (2026)

### Impact
Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against different server.

### Patches
* https://github.com/WeblateOrg/wlc/pull/1098

### Workarounds
Remove unscoped `key` from wlc configuration. Only use URL-scoped keys in the `[keys]` sections.

### References
This issue was reported to us by [wh1zee](https://hackerone.com/wh1zee) via HackerOne.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-9rp8-h4g8-8766: Weblate wlc has insecure API key configuration

Scammers are using fake October 2025 performance reviews to trick staff into installing Guloader and Remcos RAT malware. Learn how to identify this threat and protect your personal data from remote hackers.

We all know the feeling of waiting for a performance review. It can be a stressful time, and unfortunately, cybercriminals are now using that anxiety to their advantage. A recent report by AhnLab Security Intelligence Center (ASEC) has revealed a clever new email scam, which uses fake employee reports to trick people into installing dangerous software on their computers.

****How the Trap is Set****

The scam starts with an email that looks like it is coming from management or HR. The message mentions the performance reviews for October 2025 and claims that the company is planning to let some people go. To make it feel more urgent, the email tells the reader they need to check an attached file to see where they stand.

This is a classic social engineering trick involving scaring people into thinking their jobs are at risk. The attackers hope you will act quickly and open the attachment without thinking twice.

Phishing email (source: AhnLab)

****The Hidden Danger in the Attachment****

The attached file, as per AhnLab’s report, is usually a zipped or compressed folder in which there’s a file named ‘staff record pdf.exe’. It is worth noting that if your computer is set to hide file extensions, this will look like a regular PDF document. However, in reality, it is an executable program. As soon as the user double-clicks this file, it launches malware known as Guloader.

This software is particularly tricky because it doesn’t immediately show up on your hard drive but hides in the computer’s temporary memory and reaches out to a Google Drive link to download the rest of its tools. By using a trusted site like Google Drive, the hackers can easily bypass basic security filters.

Attached compressed file (Source: AhnLab)

****What Happens if You Get Infected?****

The final goal of this attack is to install Remcos RAT. As soon as this virus is active, it connects back to the hacker’s home base. In this specific case, the malware was found communicating with a server at 196.251.116.219 using ports 2404 and 5000.

This connection allows hackers to watch you through your webcam, listen via your microphone, see every key you type, and even steal your saved passwords and browser history.

To protect yourself, always be wary of unexpected emails about dismissals or reports, especially if they have attachments. Also, make sure your computer is set to show full file extensions so you can spot an ‘.exe’ file pretending to be a document. Regularly changing your passwords and using extra login security can also help keep your data safe if a slip-up happens.

(Photo by Xavier Cee on Unsplash)

Fake Employee Reports Spread Guloader and Remcos RAT Malware

Public sector cybersecurity faces outdated systems, budget gaps, and rising attacks. Learn key challenges, defense strategies, and proven best practices.

Once upon a time, computer crimes were associated with the image of a hacker in a black hoodie working in a dark room by the glow of a monitor. But times have changed, and so have the threats. From simple penetration attempts, cyber attacks have evolved into complex, coordinated operations specifically targeting state systems, rather than pursued merely for entertainment or recognition.

Today, cyber attacks on government structures occur for various reasons. Some attackers are motivated by political pressure, attempting to influence legislative decisions or discredit the authorities. Others seek recognition in the world of cybercriminals, counting on fame and reputation. A third category has purely commercial interests. However, the most prevalent motivation remains the theft of personal data of citizens stored in state registers: medical records, registration documents, and income data. This data is then sold on the dark web, generating millions of dollars in the process.

This is precisely why cybersecurity in the public sector cannot tolerate mistakes. Unlike private companies, which can afford certain risks for the sake of innovation, the public sector opts for verified, tested, and maximally secure solutions. After all, breaches in healthcare systems can cost people their lives, failures in transport systems can lead to road chaos, and compromises of citizen registries leave millions vulnerable to fraud.

Over the past few years, the volume of cyber attacks on state bodies has increased by more than 40 percent. This figure speaks for itself. It is no longer possible to view public sector cybersecurity as a secondary issue to be dealt with later. This is a matter of national security and citizen trust. And this urgency is intensified by the growing digitalization of the public sector.

If you’ve ever watched the series “Black Mirror” or “Mr. Robot,” you know how terrifying scenarios of cyber attacks at the state level can be. Unfortunately, reality is sometimes even worse than fiction, but the sector itself is indeed very conservative.

Therefore, overly untested or innovative ideas are not introduced here. Everything that the state integrates undergoes dozens, and sometimes hundreds, of rounds of verification, testing, and controlled attacks to identify weaknesses.

****Why Governments Become Primary Targets for Hackers****

1.  State and municipal structures attract the attention of cyber attackers for several reasons simultaneously. First, there are enormous volumes of personal data. State registers contain information about every citizen: document numbers, addresses, contacts, medical data, and tax records. One successful breach opens access to tens of millions of records. On the black market, such databases command serious money.
2.  Second, many government systems are built on outdated technologies. “Legacy systems” are windows into the past through which modern hackers can easily penetrate. These systems were often written decades ago, when nobody even thought about internet security as we understand it today. Updating these systems costs millions and proceeds slowly through bureaucratic channels.
3.  Third, state bodies, which are often government agencies, are often underfunded when it comes to preventing cybersecurity threats. Money is allocated to hospitals, schools, and roads, while IT security receives scraps of the budget. The result: a shortage of experts, an absence of a unified defense strategy, and outdated equipment.
4.  Fourth, there is prestige. Every hacker who has cracked a major government portal automatically enters the “ranking” of cybercriminals. This attracts new members to groups, funding, and opportunities.

Real examples illustrate the scale of the problem. In 2021, hackers attacked American healthcare systems, rendering hospitals non-operational. In 2022, the Portuguese tax service was compromised, with data from millions of citizens stolen. In 2019, the United States experienced a powerful attack on Baltimore’s city system, making it difficult for residents to obtain documents.

Groups similar to “Anonymous” deserve special mention. These well-organized cybercriminals are motivated not solely by financial gain. They attack state structures as symbols of systems they wish to destabilize or criticize. Such attacks are harder to predict because the driving force behind them is not just money but ideology. Cybersecurity threats to government from such organized groups represent an unprecedented challenge.

Precisely because of such threats, the state can no longer rely solely on internal resources. The IT departments of government bodies simply do not have sufficient resources and expertise to fight organized groups of cybercriminals. This has created the need for partnerships with private companies specializing in cybersecurity.

Private companies operating in the field of cybersecurity in the public sector have many advantages. They constantly monitor global threats, maintain international networks of experts, and invest in cutting-edge technologies.

Such companies have decades of experience working with government bodies in 70 countries worldwide, understanding the specifics of the public sector far better than those who have never encountered bureaucracy and the peculiarities of state administration. More information can be found at: https://dxc.com/industries/public-sector.

These companies help states not merely react to attacks but develop proactive defense. They integrate modern technologies, establish security centers, train civil servants, and develop strategies that account for the peculiarities of specific countries and government bodies. Without such partnerships, public sector cybersecurity would remain a positional game where attackers always have the advantage.

****Core Challenges of Cybersecurity in the Public Sector****

The first and most obvious challenge is underfunding. Imagine you have a budget of 1 million dollars for IT security. But you need to protect thousands of computers, servers, databases, and web portals. What private companies can solve flexibly, the public sector must handle through lengthy tenders and procurements.

The second challenge is a shortage of experts. A competent cybersecurity specialist on the job market is expensive, and working conditions at private companies are often more attractive than in government agencies. Where will young talent choose to work? In a comfortable office with a salary two or three times higher, or in a government institution with average pay? The result is obvious, and state bodies remain with teams of veterans who often fall behind the pace of technological development.

The third challenge is legacy systems. They drag on like an anchor to the past. These systems were often written in programming languages that are no longer needed, run on outdated equipment, and have architectures that do not adapt to modern patches and updates. Yet rewriting them anew remains impossible because they contain critical data, and any downtime would have catastrophic consequences.

The fourth challenge is the human factor. Most successful cyber attacks do not begin with technical vulnerabilities but with the simple “clicking in the wrong place.” A civil servant receives an email from the “Personnel Management System” asking to update their password. They follow the link, enter their credentials, and the hacker now has access to their account. This then spreads further throughout the organization. Thus begin the most complex attacks.

The fifth challenge is the weight of potential attacks. Hackers are interested precisely in large, important systems. A small company might get by without a leading cybersecurity specialist, but a government structure serving millions of people does not have that luxury. It becomes a magnet for attacks because the stakes are very high for both attackers and defenders.

****From Fighting Fires to Prediction: Building Powerful Cyber Defense****

Consider what happened in the public sector over the last 10-15 years. Previously, everything was about a reactive approach: we wait for something to happen, then fight the fire, fire someone, and promise it won’t happen again. Now everything has changed, and those organizations that have transitioned to preventive thinking are winning.

1.  The first step is centralized monitoring systems. Imagine a nuclear power plant’s control room where every sensor is tracked in real time. In cybersecurity, this works similarly. All systems transmit information to one observation center, where analysts can view it on a single screen. If someone attempts to slip beyond normal parameters, the system alerts them. This allows problems to be caught before they escalate into real attacks.
2.  The second element is cyber education. Not only should the IT department understand how to protect itself, but it should also understand how to protect the organization. Every civil servant, from clerk to minister, must know the basic rules of cybersecurity hygiene. How to recognize phishing, why passwords shouldn’t be written on sticky notes, and what to do if something seems suspicious. Some Czech cities experimented: they informed all agencies that a fake attack would occur for training purposes, but did not say when. The result was striking. In the first wave, 60 percent of people “clicked” on fraudulent links. After six months of training, this figure dropped to 15 percent.
3.  The third factor is the integration of artificial intelligence and machine learning. Modern systems can detect threats in real time by analyzing millions of events per second. AI “learns” from historical attack data and recognizes patterns that the human eye would miss. This is like the difference between a police officer walking a district on foot and a camera system with facial recognition that analyzes every face against a database of wanted persons.

Examples of successful practices can be found in the EU and the US. Estonia, for instance, has built an e-governance system considered one of the most secure in the world. They use cryptography, multi-factor authentication, and continuous monitoring. Every operation leaves a trace that can be verified. If the system detects unauthorized access even years later, it can recover and certify it.

Denmark developed a centralized incident management system for all government bodies. When an attack occurs anywhere, it is immediately transmitted to the center, and on-site specialists can receive assistance, and other bodies receive warnings about potential threats.

****Best Practices for a Secure Digital State****

If you truly want to protect a government system, you must follow verified practices. The first is regular audits. Not just once a year, but continuously. Every quarter, every month, depending on system criticality.

The second practice is regular software updates. It sounds simple, but in reality, it is a serious challenge. Each patch requires testing on thousands of computers and servers. Testing may reveal that some legacy software stops working with the new update. Yet failure to implement updates means leaving doors open to attacks.

The third is the principle of minimum access. In simple terms, every person should have access only to what they need to do their job. A clerk working with registrations should not have access to the medical data of millions of people. A bus driver should not be a database administrator. If a hacker steals a regular employee’s credentials, they will have limited access.

Real cases demonstrate how this works in practice. In the United Kingdom, the Department of Work and Pensions (DWP) entered into multi-year contracts with companies specializing in vulnerability testing. They regularly conduct comprehensive system reviews, essentially posing as hackers. The result is a system that withstands hundreds of attacks per year without compromise. In the Netherlands, the employment service modernized its infrastructure to cloud solutions, which allowed it to update security faster and more efficiently.

Just as ancient cities once built walls against enemies, modern governments are erecting digital fortresses, layer by layer, barrier by barrier, so that an attack requires not only skill but also enormous resources, time, and luck.

****Securing the Future:** **Public Sector Cybersecurity** **as a Long-Term Mission****

Cybersecurity is a constant, continuous process of adaptation, learning, and improvement. 

Technology helps, but the human factor remains critical. You need specialists who understand both technical and organizational aspects. 

The second component is continuous collaboration between sectors. Private companies have specialization and resources; government bodies have access to critical infrastructure and information about real threats. Government administration should accumulate knowledge, hire private experts to solve specific problems, but not rely entirely on external consultants. 

The third component is investment. Building security is not cheap. But it is far cheaper to build it from the start than to later excavate from the ruins of a broken system. 

The fourth component is the legislative framework. Regulations, standards, and norms must be clear and consistent. When an organization knows it will be checked for compliance with certain standards, it takes it more seriously. The European General Data Protection Regulation (GDPR) became revolutionary precisely because it established clear rules and strict penalties for violations.

Let us conclude with one thought often forgotten. Citizen trust in a digital state does not begin with beautiful portal designs or rapid request processing. It begins with one simple feeling: a sense of security with every click. When a person enters personal data on a government website, they must be confident that this data is protected maximally. 

(Photo by Ayrus Hill on Unsplash)

Latest News