“Government will protect against cyber-attack: Government’s understanding of cyber security risk will inform the adoption of proportionate security measures across government organisations, with centrally developed capabilities enabling protection at scale.” Government Cyber Security Strategy: 2022 to 2030
One of the key objectives of the Government Cyber Security Strategy is to protect against cyber-attacks. And with 2.3 million attacks on councils alone in one month, which equates to the UK authorities facing 10,000 cyberattacks every day, there are a lot of attacks to protect against. Protecting against malicious cyber-attacks is a priority, and in this article, we’ll discuss four strategies to achieve that goal.
#1 Creating a secure environment
Organisations must create a secure environment to protect against any cyber-attack. This includes having effective access control systems in place to prevent malicious actors from accessing sensitive data or networks. This can be hindered by the presence of legacy and vulnerable IT, but the Government have committed to continue efforts “to manage, upgrade or remove such IT”.
The public sector must make use of technology with security measures built in. This also means that the technology and digital services need to be set up and managed correctly. Making sure patches are updated is just a small thing but can often be overlooked.
One famous lesson to learn from is the 2017 NHS attack. Outdated software from 2015 allowed hackers to access the system resulting in 19,500 medical appointments being cancelled, 600 GP surgeries computers being locked and five hospitals diverting ambulances elsewhere. Media reported that it “could have avoided the crippling effects of the “relatively unsophisticated” WannaCry ransomware outbreak in May with “basic IT security”, according to an independent investigation into the cyber-attack.”
#2 Keeping up to date with the threat landscape
The Government strategy clearly stresses the obligation individual organizations have to understand the risks they face. Without a thorough understanding, it’s tough to strategically use the resources available to maximize security and safety. But with this proactive approach, organisations can identify malicious activity before it causes irrevocable damage.
Individual public sector organisations need to be able to prove they understand the current threat landscape. This not only includes monitoring the threats but also having an appropriate response to them.
Sparing the resource for this amid a skill shortage can be tough. When budget and manpower are short, there is a cost-effective alternative: partner with a cyber security vendor that has built-in cyber intelligence monitoring and sharing mechanisms.
For example, Censornet ASE comes pre-integrated with multiple world-class industry-leading threat intelligence feeds. ASE is updated 24×7 to automatically protect against new threat actors, without analyst or SecOps involvement.
#3 Prioritise data security
The government, just like any organisation, has a “responsibility to protect data” and needs to ensure that “data protection and security is at the heart of its approach”. And if they don’t, the consequences can be tough, even with the potential of a reduced fine.
When the Department for Education (DfE) escaped a monetary penalty for its school pupils’ learning records used by gambling companies to conduct age-verification checks that would normally result in a £10m fine, there were still major reputational consequences. More often than not, a public sector breach is not only a reputational issue, but can cause real issues in the ability of organisations to deliver crucial frontline services.
But protecting data is especially tough in the current hybrid working environment. It complicates data protection even further. A recent report from Gartner sets out the five steps to preventing data loss with remote workers:
- Create or evolve existing remote working policies to give yourself a solid foundation
- Set your employees up for success by providing Security Awareness Training
- Don’t forget about securing physical environments
- Evaluate workstation setup for things like USBs and BYOB (bring your own device)
- Make the most of Data Loss Prevention tools
These five steps are important whether your workers are remote, hybrid or office based. Making data security a priority is no longer an option. Every organisation needs to protect their data – and the public sector is no exception.
#4 Harness emerging technologies
Whilst the tools used by cyber-criminals are evolving, so too are the technologies organisations can use to protect themselves. The Government Cyber Security Strategy highlights the importance of harnessing emerging technologies, such as Artificial Intelligence (AI).
There is a big difference between AI and automation. Automated security products that mechanically perform simple jobs fail to identify and detect unknown threats. For an effective, proactive security posture, products must be able to respond to the unknown. This is where autonomous security excels, responding to unknown threats without the need for human intervention,
By having a platform which tightly integrates AI protection across the major attack surface, businesses are also protected against multi-channel attacks: those that start in one channel (for example, an email phishing attack), but spread to either web or cloud applications.
Gartner estimates that by 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s security platform. Not only is this more cost-effective than paying for multiple security products and staff, but it enables organisations to ensure hackers don’t slip through the cracks in their defences and support the well-being of security teams.
It’s time to answer the call
The Government Cyber Security Strategy is a clear call to action for all organisations in the Public Sector. To protect their data, and their people from cyber-attacks, they need to prioritise data security through policy creation and enforcement, harness emerging technologies such as AI and automation, as well as train staff in security awareness. Although daunting, taking these steps can make all the difference when it comes to protecting against future cyber-attacks.
Chances are you’re already thinking about how you can achieve this goal. If so – get started now. It’s time to take action and ensure that public sector organisations are protected against future cyber-attacks.