While no organisation is immune to a data breach, the public sector is particularly vulnerable, especially as more citizen services go online. This digitisation of the public sector has not escaped the attention of cyber-criminals either, who are now keen to capitalise by stealing the vast amounts of valuable data that reside within these organisations.
Just recently, it was revealed that the details of thousands of medical staff in Wales were stolen from a private contractor’s computer server. The information included names, dates of birth, radiation doses and National Insurance numbers. This is exactly the type of data that is traded within the criminal community and goes to demonstrate the ongoing threat of cybercrime in the UK.
Unfortunately, this was by no means an isolated incident. Our research further highlights the vulnerability the public sector faces, revealing that 64 per cent of London’s councils had experienced a data breach in the last four years. Despite the clear and present danger and with cyber-crime starting to creep higher up on the government’s agenda, particularly in light of its recently released cyber threats report, the sector is still failing to grasp the scale of the threat right on its doorstep.
For public sector organisations in particular, it’s imperative that they maintain strict control over their data, due to the highly sensitive nature of the information they handle. Failing to do so also puts citizens at risk – especially if the information that’s stolen consists of usernames and passwords. Organisations need to understand what it takes to navigate today’s increasingly vulnerable security landscape. So what measures can the public sector take to insulate itself from the growing risk of cybercrime?
Training and awareness
Cyber-security is not only the responsibility of IT specialists; it affects everybody working in the public sector, along with the citizens themselves, so this must be front of mind for everyone within an organisation. However, all too often, the responsibility for security starts and ends with the IT department, meaning that these incidents continue to occur. Either senior management staff are ignorant of the importance of good security hygiene, or information security professionals are failing to communicate the message. Company leaders must champion this by ensuring cybersecurity education and awareness training is regularly carried out. By doing so, employees will be more likely to behave in a way that will prevent data leakage.
Additionally, the Cyber Essentials Scheme is a government-backed initiative that aims to provide clearer guidance and advice for organisations looking to improve their cyber security housekeeping. It’s aimed at those who might not have dedicated in-house IT staff responsible for cyber security – although most public sector departments will have this in place, the advice available is certainly valuable in providing solid foundations for improving security practices.
The threat landscape is constantly changing, so it’s vital for organisations to keep up to date with the latest developments in cyber security. Any new security risks – no matter how minor they seem – should be communicated throughout the whole organisation so employees understand what to look out for and what’s best practice in preventing these risks.
Eliminate outdated processes and technology
Instilling a security mind-set throughout an organisation through training is the first half of the battle. Organisations also need to make greater strides in managing security processes. If public sector organisations want to really achieve the benefits of going digital, they must constantly remain ahead of cyber-criminals by implementing new technology solutions that are capable of fighting the increasingly advanced tactics of hackers.
Ultimately, designs that were once suitable have not been updated to keep up with the increasingly digital economy of today. As a result, hackers are able to capitalise and steal information much more easily. Public sector organisations should work closely with experts in security to adopt new tools and practices that offer the utmost resilience against threats.
By way of example, biometric technology, when combined with technology to eliminate passwords, is an alternative means of authentication to traditional passwords, and makes it easier for organisations to determine exactly who is accessing a system or application. As this technology is unique to each individual, biometric authentication creates accountability; every transaction or action is documented along with the individual associated with it. Continuing to use password technology is a bit like putting a sign on your front door saying you left the key to your house under the mat!
Now is the time for companies to get their houses in order, as the real threat businesses face is not just how much a cyber breach is going to cost, but the cost of having to tell everyone. This is even more crucial now as the deadline for the General Data Protection Regulation (GDPR) approaches. Under these new regulations, data breaches could lead to fines as high as €20m or up to 4 per cent of a company’s global turnover, whichever is greater.
Ultimately, preventing cyber-crime is as much about cultural change as it is about technological solutions. Data is one of the most valuable assets an organisation has, so the security solutions used to protect this information must adapt. At the same time, everyone within an organisation must treat cyber-crime as they would tackle physical security. The future of any organisation that wants to insulate itself from the growing threat of cybercrime depends on this.
Dave Worrall, CTO at Secure Cloudlink