Cyber threats in the Public Sector
Posted on Friday, November 2, 2018 by Venn Group Consultancy — No comments
The definition often used of a cyberthreat is ‘a malignant and destructive act that tries to access a computer network through a data communications pathway, without gaining the right authorisation or consent from the owners’.
Cyberthreats are a complex matter not only in their definition. With organisations across all industries holding significant personal data on citizens, a cyber attack presents large risk to individuals and corporations on that data being used, manipulated or destroyed with consequences vast beyond description.
In a recent survey published by Fujitsu it was reported that 76.7% of Public Sector organisations were currently going through digital transformation. This figure was actually the highest of any sector they surveyed. A clear indication that government organisations are committed to using technology to deliver more efficient and better services.
However increased utilisation of technology can lead to increased cyber threat. UK government organisations hold a huge amount of data, this makes them an attractive target for potential cyber attacks. An investigation by Big Brother Watch reported that local authorities face an average of 19.5 million cyber attacks per year. With the introduction of GDPR they are under greater pressure than ever to demonstrate sufficient processes are in place to protect citizens personal data. Many local authorities have adopted programmes to support ongoing cyber security. Some key approaches are:
It has been reported that 88% of successful cyber attacks are caused by human error. Government organisations are conscious of this and a number of initiatives are in place to upskill and improve awareness from within. For example Portsmouth City Council along with nine local authorites co-funded and co-designed cyber awareness training, working with the company that designed and developed BBC’s mandatory cyber awareness training programme. In the first part of 2018, 50 councils commisioned the use of this.
Increased Cyber Talent Pool
The acceleration of digital transformation has led to intense speculation of skilled shortages, cyber professionals in particular. Initiatives have been put in place by the government to address this such as the Cyber schools programme, a long term scheme aimed at identifying youths with cyber talent and providing them with the training to turn this into a career and the GCHQ Masters Degree, which allows maturer professionals to re-train in cyber.
Cyber threats exist across all organisations and sectors that have a digital presence. The prevention is a common goal shared by everyone. The NCSC (National Cyber Security Centre) was created by the government to pool cyber expertise and therefore tackle cyber security issues collectively in the UK. At a local level the previously discussed Portsmouth City Council initiative is an example of local authorities pooling resource to produce a best in class outcome.
Whilst there are many examples within the government sector that demonstrates their commitment to tackling the cyber threat that exists today, it is important to consider the unique challenges they face. Local authorities in particular are under great pressure to cut costs. Whilst the benefit of digital transformation is widely accepted dedicating resources to cyber security must come out of a limited budget. Current skill shortages have led to the introduction of initiatives that bridge the gap for the future. However, should cyber attacks take place in the present, these organisations lack the resources to react immediately.
Private sector companies have the ability to lean on existing talent or the freedom to employ external expertise and do so with a quick turnaround. There are a number of restrictions that prevent government organisations from doing this.