Public and private sector cooperation is vital in controlling cybersecurity threats

cybersecurity threat
© Blackboard373

The recent cybersecurity threats on the U.K.’s national health service (NHS) demonstrate the necessity for better national protection against cyberattacks

The attack – which disabled digital services used by the NHS’ 111 medical advice helpline to refer patients for care, including appointment bookings, emergency prescriptions, and ambulance dispatch – left health workers being forced to rely on pen and paper to coordinate services.

The incident was made worse because it occurred during early August when the U.K. was facing record-high temperatures and healthcare professionals were issuing regular alerts for vulnerable patients to take extra care in the heat.

Though the temperatures eventually subsided, the cybersecurity threat capable of flooring public sector services never fades.

This was a message hammered home in the seventh SolarWinds Public Sector Cybersecurity Survey Report, which included in-depth feedback from 400 public sector IT operations and security decision-makers based in the U.S.

The Public Sector Needs to Do More to Protect Itself From Cybersecurity Attacks
Although the report surveyed public sector IT professionals in the U.S. and is slanted toward U.S. legislation, the findings are universal.

The stand-out headline is while IT security threats have increased – primarily from the general hacking community and foreign governments – public sector organisations remain all too vulnerable to attack.

Indeed, the survey found for the first time in five years, careless insiders who may have previously been a weak link in the cybersecurity defences weren’t listed as the top security threat. Instead, the general hacking community is regarded as the largest source of security threats at public sector organisations (identified by 56% of respondents), followed by careless or untrained insiders (52%), and threats from foreign governments (47%).

It will be interesting to see if this changes when next year’s survey is carried out in light of the ongoing war in Ukraine and an uptick in other geopolitical tensions. But to put it another way, the ability to detect such breaches and put suitable protection in place has simply not kept up with the advances made by hackers.

The cybersecurity threat level is still high

Zeroing in on some of the other findings—in particular, when asked about specific types of security breaches – the public sector’s level of concern over ransomware (66%), malware (65%), and phishing (63%) has increased over the last year.

And though concerns about these three types of cyberattacks had increased, the time taken to detect and resolve such breaches hasn’t improved commensurately.

In fact, six in 10 of those who took part in the survey said the time to detection – and time to resolution – “remained the same or worsened between 2020 and 2021.”

Lack of training, under-pressure budgets and resources, and the fact the ever-expanding scope of work simply shows no sign of slowing down were all cited as areas of concern by IT pros working in the public sector.

The public and private sectors need to join forces to share best practices

But it isn’t all bad news. There are encouraging signs public sector originations—at both the state and federal levels in the U.S. – are beginning to act more collaboratively regarding cybersecurity measures rather than operating in closed-door silos.

The findings follow hot on the heels of the signing of Executive Order 14028 by President Biden in May, which focused on “improving the nation’s cybersecurity.”

According to the SolarWinds survey, 86% of public sector IT pros said they’re likely to adopt cybersecurity best practices and activities outlined in the Cybersecurity Executive Order.

It was noted more than 75% of public sector respondents said their organisations rely on a “formal or informal zero-trust approach” to cybersecurity.

And though most public sector respondents are familiar with the principle of least privilege (PoLP), 70% of respondents are either already implementing PoLP or plan to implement PoLP within the next 12 months or so.

Signs are encouraging as the joint approach gains traction

For me, this report paints an interesting picture. Despite the pressure on budgets, workload, and the increased threat from bad actors, public sector organisations are committed to issues of security. And it’s clear the threat from foreign governments who may wish us harm is right up there in terms of importance.

The willingness of the public sector to actively wish to follow the roadmap outlined in the Biden Administration’s Cybersecurity Executive Order – including enhanced data sharing between the public and private sectors – is also really encouraging.

Speaking for myself and for many people within the industry, you can only thwart attempts to undermine public services by having governments join forces with industry to create a united front.

What’s more, I believe this cooperation shouldn’t just happen within countries but between friendly nations as well. The only way to avert incidents – such as those that impacted the NHS in the U.K. – is to implement the most robust defence protocols possible.

This piece was written and provided by Sascha Giese, Head Geek™ at SolarWinds.

LEAVE A REPLY

Please enter your comment!
Please enter your name here