With UK councils targeted with an average of 10,000 cyberattacks every day since the beginning of 2022, building a cyber-resilient public sector is becoming ever more important
On average, UK councils have been targeted with 10,000 cyberattacks every day since the beginning of 2022. This staggering figure highlights the frequency at which the public sector is increasingly coming under attack and reinforces just how important the protection of their networks against cyberattacks has become.
However, when it comes to cybersecurity resiliency, public sector organisations often face an uphill battle.
First, the introduction of hybrid working has expanded public sector digital networks far beyond their traditional perimeters. And second, many employees simply do not have the skills or knowledge to recognise security threats when they are targeted by sophisticated cybercriminals.
Unfortunately, cybercriminals are aware of these challenges and are using these limitations to their advantage. This has spurred a major rise in attacks, not only from money-motivated criminals but also from nation-state actors who are looking to cause the UK harm.
In response to this increased threat, we must see immediate action to ensure that we have a cyber-resilient public sector.
What are the key obstacles they face and how can they be overcome?
Key challenges affecting the public sector:
Like many other industries, the digital skills gap is one of the major challenges affecting the public sector. While the reliance on digital increases daily, the skills to adopt, understand and utilise technology safely are not always up to date.
The pace at which technology is being adopted is rapidly accelerating
First, public sector workers are not technology experts. Second, many employees have no real training on how to use the new technology they rely on daily to perform their jobs. The pace at which technology is being adopted is rapidly accelerating. This means employees are encountering new applications and systems more readily than ever before, but with little time to understand how to operate this technology securely. The public sector employs millions of people and many of them do not have digital backgrounds and are essentially learning on the job. All of this dramatically increases cyber risks to the organisation and makes having a cyber-resilient public sector even more difficult to achieve.
Employees do not always have the cyber awareness to understand exactly how phishing scams work or what methods are used to install ransomware. This behaviour leads to curious staff clicking and falling into the scammer’s trap, which ultimately leads to breaches, potentially putting critical infrastructure and highly sensitive data at risk.
To add further fuel to the fire is the fact that many employees are now choosing to continue to work remotely using their own personal devices which dramatically increases the organisation’s attack surface. This is tricky; when a malicious email shows up in a remote worker’s inbox, that worker doesn’t have office-mates sitting nearby to run their suspicions by and verify that they may be the target of a scam.
Furthermore, employees are engaging the traditional office network from a plethora of different devices; these devices may on any given day be personal or government furnished. Remote workers using these devices are connected to networks externally, potentially accessing sensitive data without IT teams having a full understanding of how secure their choice of work device really is.
Yet, in reality, many organisations still tolerate this level of risk as a result of resource shortages. Unfortunately, it will likely take a significant network breach and loss of sensitive data before this resource gap is addressed.
Let’s review best practices public sector organisations should be adopting now to secure their digital terrains:
Security best practices
When it comes to improving security, public sector organisations must focus on the visibility of every asset on their enterprise network. You must know your environment: What devices are connected? What systems are they running? What is an immediate risk to the organisation?
This involves deploying security tools which can detect all devices on the network, whether public sector owned or personal. You must take inventory of your existing security processes and verify that they are functioning properly. Find all non-compliant devices, and quarantine them immediately until proper remediation can be enforced. And then continue to monitor and assess in real-time for any and all high-risk devices. Furthermore, by deploying network segmentation, public sector organisations can ensure personal and remote devices will have limited network access and are kept away from critical data and resources.
It’s important to emphasise how essential continual employee training is. Internal security training needs to be frequent and must ensure employees are not only educated on threats and attacker techniques, but also on best practices for using technology safely. Part of an organisation’s cybersecurity hygiene needs to include this type of training if they want to ensure their employees can safely use new technology and applications they encounter daily, as well as how to report suspicious activity.
The importance of a cyber-resilient public sector
The public sector is a high-value target for criminals today and its vulnerability to attack increases as its reliance on digital grows. However, by educating employees on cyber risk and continually improving asset visibility and compliance, all public sector organisations will significantly help improve defences against attacks.
Public sector bodies must actively work to improve their defences against cyberattacks, to ensure that even when threat activity increases, they can identify and prevent attacks to keep their critical data safe.
Written by Melissa Trace, Vice President of Global Government, Forescout
