Digital transformation has been considered a marketing buzzword by many for the past few years, but in reality, it is far more than that. Many organisations across the U.K. are tackling the three main factors that are behind digital transformation: cloud technology, IoT, and employee mobility. In the public sector, there is a certain amount of pressure on organisations to adopt cloud technology and other innovative technologies that can improve the service that is offered to the general public, but different organisations will be at different stages of implementing these. However, one downside to increased digitisation is how this opens up an organisation to the potential for more cyberattacks.
According to a SolarWinds® Freedom of Information (FOI) survey from last year, while cyberattacks among U.K. public sector organisations became less widespread in 2018 (38 per cent experienced none compared to 30 per cent in 2017), more organisations were hit by a higher number of attacks. Some even experienced over 1,000 attempted attacks, a four per cent rise on the previous year.
This would certainly suggest cyberattacks seem to be a natural by-product of digital transformation, which isn’t too surprising when one considers an expanded digital presence equates to an expanded attack surface. The more applications, information, and processes living in the digital environment, the more opportunities there are for black hats. Unfortunately, the enormous value placed on data today together with the increased sophistication of attacks creates a double-edged sword, so when a data breach or hack inevitably occurs, the potential for damage is far greater than it’s ever been.
Keeping tried and tested defences in place
Traditional cybersecurity defences such as firewalls, antivirus, and malware protection are in place to guard against the most predominant cyberattacks, which were found to be phishing (95 per cent) and malware (86 per cent) according to the SolarWinds FOI request findings. These are, of course, necessary defence measures, but they’re simply not sophisticated enough to prevent equally sophisticated attacks. While data loss prevention (DLP) solutions are available, the majority of these are very expensive and not 100 per cent reliable. To keep the public sector secure, IT teams need to be confident their security strategy will hold firm, so the public can have confidence in them.
It may feel as though for every few steps taken towards digital transformation, a few steps are taken back every time a cyberattack occurs. As it becomes the everyday norm, what changes can be made to keep this journey on track and reduce targeted attacks?
Security measures that make an impact
Integrating security systems helps increase visibility into a network and helps in managing a wider attack surface. By using applications and devices with built-in security or, if developing an application, making robust security settings the default option, organisations can trust their users will be kept safe from malicious threats.
Teams should also undertake regular penetration testing to identify potential vulnerabilities and opportunities to improve security. Currently, less than 75 per cent of all organisations surveyed through the FOI are using log management and inspection, but even at 100 per cent, an attack can easily occur undetected. When using these kinds of solutions, ensure they come with an intelligence feed covering zero-day threats—these are threats exploiting an unknown computer security vulnerability, i.e., there is no known security fix because developers aren’t aware of the vulnerability.
Incorporating automation into security processes can help organisations to continuously monitor for threats and expand cyber-protections, even with limited personnel and resources. Good examples are tools that scan web applications from the outside to look for security vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal, and insecure server configuration. However, it’s not just the tools that are crucial, but the people too, and the communication between them. If information about a possible threat is detected, share it across the organisation so everyone can take steps to minimise risk.
Training ensures everyone is up to speed
Skills gaps related to digital technologies and cybersecurity can render organisations vulnerable to threats. Training and creating awareness are considerably more useful and probably more cost-effective than the latest technology, which is attractive considering most public sector organisations operate on limited budgets. A simple exercise like training staff how to recognise emails from scammers can go a long way in avoiding the potential data exposure to threats.
At a higher level, technology professionals continue to pursue upskilling to maintain good cybersecurity postures and keep digital transformation on track. SolarWinds’ recent IT Trends Report 2019: Skills for Tech Pros of Tomorrow, a survey of tech pros, showed the top three technologies to achieve this over the next three to five years are:
- Cloud and/or hybrid IT (66 per cent)
- SIEM and/or threat intelligence (56 per cent)
- Automation and/or orchestration (52 per cent)
In addition, it’s important the country’s public sector tech pros start to add a new organisational language to their realm of expertise—the language of business. In seeking a seat at the executive table, tech pros have the opportunity to put cybersecurity and digital transformation higher on the business agenda.
Of course, given the time and resources pressure on training, tech pros should consider approaching skills development strategically and prioritise necessary learning based around the needs of daily operations and IT environments, along with skills that support organisational growth.
Security may rely on outside help
Maintaining a solid cybersecurity posture is hugely important for every organisation, but in the public sector, where budgets and resources can present barriers to progress, another option to consider is outsourcing the cybersecurity function to an expert, or deploy a managed software solution.
Many organisations are now opting to outsource their cybersecurity, as the benefits that are gained through this often outweigh the costs. With a third party involved, organisations have access to the latest technologies and software available to tackle the ever-increasing threats. Along with this comes the experts themselves—people who live and breathe security day in, day out. Teams of experts are typically available 24/7, allowing for a rapid response to any security lapse or vulnerability that may arise, regardless of the time of day or night.
Alternatively, for those either lacking the budget for outsourcing or who’d feel more comfortable relying on their own teams, managed software solutions could be the safest option. These types of software will vary between vendors, but most should deliver intelligence to proactively identify threats, take automated action to mitigate damage, and analyse data to prevent future attacks from occurring. Though the best solutions on the market will be very expensive, the different packages on offer may be more affordable than outsourcing—though the onus will be on the organisation purchasing the software to manage it and act on the information it produces.
There is no alternative to good security—it’s as simple as that! And part of good security is being prepared for the worst eventuality, and having the right measures in place that will help to keep cybercriminals at bay. The Freedom of Information research highlighted that although overall, most public sector organisations had a good level of general preparation against cybersecurity threats, there is still a need for cost-effective and scalable solutions that can assist organisations with their defence. Digital transformation is unavoidable, and having the country’s major public services in top condition is required to keep things running smoothly all year round.
Sascha Giese, Head Geek, SolarWinds