Improving the state of cyber security in the public sector

It is more important than ever before that the public sector keeps pace with the evolving threatscape and harnesses the power of new technologies and reliable security frameworks, writes Ben Johnson

Since the start of the pandemic, the public sector has come under increased threat, and cyber attacks are more prevalent now than ever before. In fact, GCHQ recently disclosed that the number of ransomware attacks on British institutions doubled between 2020 and 2021. Although the sector is gradually becoming more digitally mature, there is still a long way to go and many publicly owned organisations are under-resourced, overstretched and uncertain about how to establish a clear cybersecurity strategy.

However, in January 2022, Chancellor of the Duchy of Lancaster, Steve Barclay, published a statement announcing the UK government’s first ever Cyber Security Strategy to shore up the sector’s resilience. He drew on recent examples of cyber attacks that occurred in the public domain, including the incident in Redcar and Cleveland, where residents couldn’t access key services or seek social care advice after the council’s computer systems and website came under attack.

Similarly, in 2020, Hackney Council experienced a ransomware incident where essential council tax, benefits and housing services were severely impacted. The effects are still being felt today, with reports that the breach cost the council £10 million and could have resulted in the loss of life. But the unveiling of the government’s first ever cyber security strategy promises to strengthen critical public functions - across government, healthcare and education - ‘realise the ambitions set out in the Integrated Review and National Cyber Strategy, and help cement the UK as a democratic and responsible ‘Cyber Power’’.

It’s excellent to see that the UK government is investing in a cybersecurity strategy specifically to support the public sector, as well as launching a new Government Cyber Coordination Centre (GCCC). However, as recent breaches have shown, the damage caused by cyber attacks and the data that can be leaked from the public sector is unfathomable. What’s more, government cybersecurity teams are on even higher alert in the current climate, as global tensions remain high following Russia’s invasion of Ukraine on 24 February. So, how can organisations in the public sector, and the UK government in particular, best protect themselves in this ever-evolving threat landscape?

Why is the public sector becoming a key target for cyber criminals?
It is common for government-run organisations to become targets for cyber criminals, as they often provide critical services that, if compromised, would cause severe disruption nationwide. Alongside the criticality of its infrastructure, the public sector is constrained by budgets that are far tighter than those of private businesses and therefore has less resource to invest in a comprehensive cyber security strategy, or even to upgrade its legacy IT. This combination is hugely appealing to criminals who look to cause the most damage to get the highest reward from their attacks. It is important to note that the cyber criminal industry has progressed significantly from the ‘spray and pray’ approach that it deployed in the past; today, organisations will be carefully targeted, and their vulnerabilities well assessed.

However, the UK government is now investigating how it can extract the most value out of its current legacy IT systems, including ways to secure them. Currently, 45 per cent of IT spend in the public sector is allocated for legacy IT. But as cyber threats increase, organisations are beginning to embrace digital transformation and cloud adoption, as these offer much greater cost savings and a stronger security strategy in the long run.

The power of technology
For the public sector to protect against malicious activity, it must first understand the technologies available to combat potential threats. Due to budget constraints, it is not always possible to completely retire legacy IT, and often, this older technology plays a key role in the IT infrastructure. While it can be integrated with new technologies, this is where issues arise and gaps in visibility between hardware and software occur. This is because traditional network monitoring tools are unable to get clear sight of the cloud, whereas cloud tools function specifically with a view into the cloud environment.

In overcoming this challenge, local and central government bodies must ensure that the solutions they use are optimised. To do this, visibility gaps must be eliminated. When blind spots occur, they present an opportunity for cyber criminals to infiltrate a network and move through systems undetected, sometimes for long durations. Ransomware is becoming a prolific threat for the public sector and SecOps teams must recognise that they can only protect against the attacks they can see.

Following the government’s announcement in January, and with cyber investment more readily available, IT leaders should look at how they can introduce full observability into their hybrid environment. In particular, the public sector should look to leverage visibility-as-code, to gain actionable insights that will enable security teams to bolster their cyber strategy and keep cyber criminals at bay. This deep-level observability – from the core to the cloud and back again – is invaluable. And by ensuring IT teams have complete visibility across their technology stack, they will be best placed to use the intelligence this provides to tighten security and drive forward performance.

Implementing a Zero-Trust framework
Across all sectors, remote and hybrid working has become the norm – even for the public sector. However, an increase in working from home brings a new set of risks. The ‘implicit trust’ we extended across our networks and to internal users is being used against us, with attacks that could expose critical data or cause network failure, and they are coming from every angle.

Implementing appropriate security settings and blocking non-IT approved applications are key actions here, but the need to combat attacks from both outside and inside an organisation requires a different approach. Adopting a Zero Trust framework can help with this extra protection, as it means that anyone trying to access an organisation’s resources is required to undertake identity verification whenever they request access to the network – removing the ‘implicit trust’ that can often leave networks vulnerable to attacks. For the public sector in particular, which is often made up of a number of departments and has a wide network of third-party organisations in its supply chain, this framework can help to significantly reduce the risk of an attack. Again, deep observability remains key for ensuring the success of this approach. The very nature of Zero Trust is thorough inspection of all data and the ability to stop adversaries traversing an IT infrastructure laterally undetected.

As the risk of attacks rises and defending public organisations becomes even more critical, it is more important than ever before that the public sector keeps pace with the evolving threatscape and harnesses the power of new technologies and reliable security frameworks. At the very heart of this lies deep observability, as seeing threats early means faster identification, reaction and recovery.

Ben Johnson is Regional Director at Gigamon.
