How the public sector is keeping UK citizens safe from cyber-attacks

cyber-attackExperts at the World Economic Forum classified the threat of a cyber-attack as one of the top three most probable global risks of 2018, along with extreme weather events and natural disasters.

For the public sector, the cyber-attack threat is even more acute – hacking into a government body by digital means can be done remotely by an unidentified actor and can happen remarkably quickly.

Our own research at Fujitsu found that 76.7% of public sector organisations said that they were undergoing digital transformation – the highest percentage of any sector we surveyed. This is largely a positive thing, making sure government works more efficiently and delivers better services however, new technologies can leave you more vulnerable to hackers.

How can government organisations embrace digital transformation while ensuring that their systems citizens’ data are kept safe?

Going back to fundamentals

In 2017, the headline-grabbing Petya and Wannacry outbreaks exploited a vulnerability to software propagation that was known months before the attack.

Patching could have prevented this attack. Patches are simply fixes and/or updates that address vulnerabilities in programmes or software.

It’s easy repeat the mantra “patch whenever necessary”, but business reality means that sometimes this isn’t the right move. For example, you might choose not to patch a critical vulnerability in a financial system if it’s the day before the end of the financial year, for fear of breaking the system.

To mitigate this risk, Cyber Threat Intelligence (CTI) can function as an early warning mechanism, pointing security professionals towards the vulnerabilities which should be a patching priority.

At its core, effective CTI provides strategic direction that cuts through the complexity of patch management, indicating where attention is most needed. For example, a threat advisory that addresses a vulnerability early can protect an organisation months before hackers begin developing a ransomware variant to take advantage of that vulnerability.

Taking the battle to the front lines

The number one way of compromising an organisation’s security, even today, is still a phishing email with a malware exploit sent directly to an employee. Cyber attackers have a keen understanding of human error and the kind of mistakes ordinary people can make when confronted with an official-looking email.

According to our recent research, only 51% of public sector organisations are confident that their employees have the right skills to take advantage of new technology. It’s reasonable to assume that these same people will also not have the correct knowledge to ensure that they’re using these technologies in a secure way.

Upskilling users is one of the most cost effective ways of reducing the probability of a human error that leads to a cyber-attack. For budget-conscious public sector organisations, it’s a good way to bolster the first line of defence. The generic, one-off IT training session isn’t enough –it needs to be adapted to how employees are using their technology and the kind of tools they use on a regular basis, as well as their seniority.

A confident public sector

It’s vital that public sector organisations know that they can embrace the future safely, without exposing themselves to malignant actors in cyberspace.

A two-pronged approach can help them tackle the risk. By ensuring that their employees understand the risks and use digital tools in a secure way, public sector organisations can ensure that they have a strong first line of defence. Investing in the latest and best of security technology and controls – whether that’s CTI or machine learning-fuelled monitoring – will be the first step in proactively identifying and managing threats instead of waiting for breaches to happen.

By Paul McEvatt, Fujitsu.

To read more, visit Fujitsu’s blog here or visit our Twitter, LinkedIn and Instagram pages, using the social handle @Fujitsu_NI.

Share This:

Share on facebook
Share on twitter
Share on linkedin