In the first article of a two-part series, Sascha Giese, Head Geek™, SolarWinds, shares 5 proactive security methods that public sector organisations should adopt to protect themselves against cybercriminals.
Cybersecurity is currently a topic on many people’s minds, especially as cybercriminals continue to find increasingly sophisticated methods of attacking organisations. One of the more challenging recent discoveries is that attackers no longer have to steal data records to succeed. As was the case when the 2017 WannaCry attack hit the NHS, cybercriminals can simply lock up data and hold it hostage to wreak havoc (and benefit financially if the organisation pays a ransom). But it’s also becoming more common for insider threats to be just as dangerous—one wrong click can cause as much devastation as an external threat.
The U.K. public sector holds some of the most important and sensitive data in the entire country, from private medical records to military intelligence. Consistently protecting this data is a major priority, which means the IT teams working within the public sector are entrusted with implementing the most effective security measures to prevent attacks or internal mishaps.
Changing how organisations think about security to enable everyone to more proactively fight cybercriminals may be the most crucial and necessary change to make. Across this two-part series, we’ll look at the top 10 steps to achieve this.
1. Talk more about risk and less about security
No organisation—public or private—is ever 100% secure. Even if it has the best security technology and processes in place, a new type of attack could always hit an organisation before anyone has learnt about it from previous experience. Discussions often focus on a black-and-white view of either being secure or not being secure, which tends to deny the reality of the situation.
Instead, IT teams should focus on risk, including the following:
- Considering how much risk the organisation faces. Instead of focusing on security measures, determine how damaging a data breach could be to the organisation’s reputation or bottom line. Public sector organisations often lack the financial cushion to protect them from a breach’s repercussions. By talking seriously about risk, executives and other stakeholders can see and understand what’s at stake, making them more likely to prioritise security.
- Setting security metrics. Security metrics not only demonstrate the value of the security measures in place but provide a health check on security and identify areas for improvement. For example, tracking the percentage of programs without the latest security patches will highlight potential security holes.
- Ensuring lessons are learnt. With the ability to measure key indicators in the environment, teams can improve their processes. For example, measuring how quickly a team responds to security incidents can identify whether the processes need to be improved, thereby providing better services to the organisation.
2. Learn about the tech environment
When it comes to protecting the public, organisations need to know what the “crown jewels” are within their environment so they can prevent cybercriminals from accessing their most important data pools. They likely already have a plan in place to maintain and protect key servers or critical endpoints—now, they must determine the key elements within these.
To start, organisations must define their key applications, systems, data, and employees. Doing so enables IT teams to put processes in place to protect them. In many cases, if an individual is compromised, the organisation could be devastated. Imagine what would happen if a chief financial officer’s laptop was compromised—it could cause a major problem.
Aside from key individuals, key data is likely to be another big focus. For example, health records contain a vast amount of sensitive data, often leading to a lucrative payday for cybercriminals. Organisations in the public sector should define their vital data stores, heighten security around these items, and regularly review their security policies for these items. While it’s impossible to secure everything, defining and protecting these items should be the top priority for anyone providing cybersecurity.
3. Strive for effective cyber-hygiene
While shifting the conversation from security to risk is important, the fundamental rules of cybersecurity still apply—teams need the right technology, processes, and effort to improve security and reduce risk. In other words, they must still practise good cyber-hygiene. Remaining vigilant about security maintenance can prevent potential disasters. The simplest attacks, like phishing attacks or malicious email downloads, often succeed.
To ensure organisations keep on top of this, they should do the following:
- Put strong antivirus on every endpoint
- Understand data maps to keep information from falling into the wrong hands
- Frequently check admin rights and permissions to sensitive data
- Regularly patch all systems and software
- Implement a strong backup and business continuity plan
- Stay vigilant against spam—this includes putting technical safeguards in place on mail servers
- Reduce the potential attack surface wherever possible by cordoning some machines off from the web or using virtual machines
- Set up incident response and remediation plans ahead of time
- Most importantly, realise there’s simply no silver bullet—proper cyber-hygiene takes constant effort and vigilance
4. Consider different security needs for every level
There’s no such thing as foolproof security or a one-size-fits-all approach. Instead, organisations should aim to make the wisest investments with their leadership teams. Organisations don’t want to ask for too much because leaders may question the value of these initiatives, but they also don’t want to miss the mark and leave the organisation unprepared for potential breaches. This can be done on a case-by-case basis, working with the leadership team to determine the organisation’s key priorities and the best level of security while considering worst-case scenarios.
One of the best adjustments to make moving forward is to provide proactive, periodic updates to the leadership team. Revisit the level of security every quarter or semi-annually, as this may help executives stay prepared for potential threats. This level of detail is crucial for keeping up with the ever-evolving security landscape.
5. Solid security is a trust builder
In a world of never-ending threats, having strong security in place can mean the difference between a reliable, consistent public service and a public service likely to fail at a crucial moment. Building trust between public sector organisations and citizens ensures the country works in harmony. With government and healthcare organisations holding some of the most sensitive and private information in the U.K., the public needs to be reassured that the security measures in place are strong enough to keep their data safe.
In fact, internet of things (IoT) devices across the public sector pose an additional risk for organisations. The more IT teams can show how their technology decisions impact risk and compliance, the more senior management teams will trust them to make valuable decisions on future technology implementations.
With five steps down, there are five more to go—Sascha Giese will be covering the remaining tips in Part 2 of this series.