Using real-time data platforms to plug cybersecurity skills gap

How can we use real-time data platforms to improve the cybersecurity skills gap crisis in government and the public sector?

There is a crisis in cybersecurity skills, and the public sector, including government agencies, will be feeling the cumulative impact this year.

A report by Ipsos for the Department for Digital, Culture, Media and Sport last May found that many UK businesses needed more staff with the technical, incident response, and governance skills needed to manage their cyber security. Given that the government has responsibility for securing all our critical national infrastructure and attempts to attract quality cybersecurity talent into the public sector in recent years have not reduced the skills gap, action needs to be taken now to withstand the growing threat landscape.

How common are security breaches in government?

Headlines relating to government security breaches seem to litter the media frequently. In November 2022, the FT reported that the data protection regulator reprimanded the Department for Education for giving improper access to identifying information on up to 28 million children; April 2022 saw 170 email addresses of customers inadvertently copied into an email by the UK Home Office’s visa service and the previous December the Cabinet Office was fined £500,000 by the Information Commissioners Office after the postal addresses of the 2020 New Year honours recipients leaked online.

The hand of malicious insiders seems to have been at work in at least two of these incidents, which reflects the dangers that lurk internally for many government departments. It’s why having strong internal security measures in place is so important and why the visibility of suspicious activity in real-time, or as it is occurring, is essential. If government security teams can create intelligent cyber threat metrics, capture and identify active cyber threats, and minimise false positives, they are better positioned to thwart attacks.

More data can translate into more threat insights

The proliferation of data is at the heart of both the problem and the solution when it comes to cybersecurity. With more real-time data at their disposal, the better-informed government agencies are, and the more insight they can apply to essential public services. The sheer volume and velocity of data, however, makes it hard to manage and creates challenges when it comes to implementing intrusion detection.

The aim of all cybersecurity professionals is to put data to work in combatting threats, ideally by bringing together immediately actionable data with historically significant data so that insights can be produced in milliseconds. This leads to informed responses when an attack, or the threat of an attack, begins to emerge.

The challenge, however, is that current approaches to cyber security need to catch up to the deluge of threats driven by remote and hybrid working and the increase in usage of mobile devices, social channels and virtualised cloud networks. Traditional security mechanisms are unable to harness the massive array of data sources, which can shed light on where risks are developing and how they can be managed.

Government departments need access to tools that minimise the effective response time between identifying an attack, remediation of an active attack, and eliminating future attacks. Without this, there is a danger of significant financial impact, reputational damage, the loss of classified or personal data, and even risk to national security.

This is why speed and the extreme scalability of data infrastructure are so critical to government and public sector cybersecurity professionals. It allows them to bridge the gap between analysis of the threat landscape and real-time responses to threats as they happen. The best way to understand today’s evolving threat landscape in real time is through immediate access to massive quantities of data that can leverage adaptive, self-learning algorithms.

Real-time data platforms can plug the vulnerability gap

In the current environment, government departments would benefit from the same real-time platforms that private businesses are deploying to move beyond typical signature-based threat detection methods. These platforms can ingest intelligent data and deliver it rapidly and in vast quantities so that computation engines running self-learning algorithms can unearth patterns of suspicious behaviour on a network. Our own customers use our multi-cloud database platform to analyse billions of events daily, way beyond the capacity of any legacy system.

By ingesting and storing petabytes of data from multiple different sources, analysis can be done to secure not just public sector and government networks but applications, platforms, and even Internet of Things (IoT) systems.

Given the shortage of cybersecurity talent, professionals need access to powerful tools that can assist them to be faster and more efficient in their response. Real-time data management platforms do this by leveraging a variety of continuous diagnostics and mitigation solutions, such as threat intelligence, endpoint security, access management, cloud security, Zero Trust, account security, user activity monitoring, and emerging technologies.

These platforms deliver multiple features that protect every aspect of a government department’s infrastructure freeing up the time, and talent, of security leaders and their teams. Not only this, but they serve as a powerful competitive advantage to protect classified data and proprietary intellectual property. No government department can afford to wait for the skills crisis to resolve while leaving critical public infrastructure at risk, and real-time database management platforms have the potential to plug that gap and eliminate growing cybersecurity threats.

Written by Martin James, Vice President, EMEA at Aerospike