Public sector data is increasingly threatened by cybercriminals and needs better protection. New approaches are needed to keep data safe, AJ Thompson, CCO of Northdoor Plc, argues
Public sector data held by organisations is a tempting target for cybercriminals. A data breach is not only a reputational issue; it can also undermine an organisation's ability to deliver crucial frontline services. For example, over two months after the high-profile Advanced supply-chain attack in August 2022, 12 NHS mental health trusts were still unable to access Electronic Patient Records (EPRs), with critical consequences.
The Advanced case was a ransomware supply chain attack which had an immediate impact on the NHS and, as we’ve seen, continues to cause real problems. Such sophisticated attacks are on the increase. A recent Freedom of Information request has highlighted the threat facing the public sector, with 2.3 million attacks on councils alone being detected by August 2022. This equates to the UK authorities facing 10,000 cyberattacks every day and is a 14% rise in the number of cyberattacks year-on-year.
This is a huge number, and although some of these attacks are being intercepted by IT security, the sheer number of attempts means that inevitably some will get through. This comes at a cost, with councils paying out over £10 million over the past five years, including monies lost to hackers, legal costs and regulatory fines.
How can the public sector better manage the risk to data?
With the threat to public sector data seemingly increasing all the time, in terms of the number of attacks and the level of sophistication associated with them, the sector must find new ways of keeping data secure.
One approach that some in the public sector are taking is ‘zero-trust’. This is essentially where nothing inside or outside the network is taken at face value. This approach wraps layers of protected, AI-powered software around all users and all elements of a public sector organisation’s infrastructure. This means that everything reaching a user is automatically treated as a threat until proven otherwise.
This approach also helps in the new working environment that many public sector organisations have implemented since the pandemic. Remote or hybrid working is now here to stay. As a result, many public sector employees are sitting outside of the corporate network and are potentially more exposed to malicious threats, particularly phishing emails. A zero-trust approach ensures that such attempts are identified and dealt with before they have an impact on an organisation.
Managing data risk without causing security fatigue
Some cyber security solutions push warning notifications continuously. Although on the face of it this is a good thing, it is in fact causing what many are calling ‘security fatigue’. This is where employees receive so many security alerts and updates a day that they start to ignore them or lose focus on what is important and what is less so. This leads to poor decision-making when a malicious email comes through.
Cybercriminals will always attempt to find the easiest route through defences. Too often that route is through employees, who are actively targeted as the weakest link within an organisation’s security network. The answer is not to inundate team members with continuous warnings, but to give them the information at the right time, to allow them to make timely, informed, good decisions. Making employees the strongest element of your cyber security strategy is a sure way of keeping cybercriminals out and the public’s data safe.
Increasing cyber resilience
All of this is essentially about increasing an organisation’s cyber resilience for public sector data. Empowering employees with strategies such as zero trust and reducing security fatigue increases cyber resilience and reduces risk. Cyber resilience can also mean introducing ways of fully backing up data, out of reach of those trying to get hold of it.
Cyber resilience is different to other backup options such as Disaster Recovery (DR). DR continuously collects huge amounts of data and stores it in an alternative data centre. However, because it is always connected, it leaves the data vulnerable, as cybercriminals can access it if they successfully hack systems. Cyber resilience, on the other hand, only takes key data and immediately shuts the link. The data is then sent to isolated silos out of the reach of cybercriminals.
It is critical that public sector organisations look at increasing their risk management. The loss of data has a huge impact on an organisation’s ability to deliver frontline services. As well as this, the threat from cybercriminals is increasing in regularity and sophistication, and public sector data is a real target.
Increasing levels of cyber resilience, ensuring employees have the right information at critical times without causing security fatigue, and introducing a zero-trust approach will help to better manage the risk to data and ensure that frontline services are able to continue even in the face of a breach.