Afshin Attari is Senior Director Public Sector at Exponential-e, which provides Cloud, IT and network services to more than 3,000 companies. The services offered are underpinned by a carrier-class fibre network and Cloud infrastructure, meaning enterprise applications are delivered at wire speed for a superior end-user experience.
Limited resources and budget constraints have historically stifled local government’s ability to invest in comprehensive cybersecurity infrastructure. The use of outdated systems and the lack of appropriate training have made authorities more vulnerable to cyberattacks.
There has, however, more recently been a shift in the market, with councils looking to enhance their cybersecurity defences. But what does the sector need to think about to progress?
Fixing inconsistent security measures
Government IT environments are often fragmented across multiple departments, each with its own IT infrastructure and security policies. This fragmentation can also lead to inconsistent security measures and gaps in protection.
As challenging as it is, a lot of support is available and there are some vital steps that public-sector organisations can take to mitigate cybersecurity risks and safeguard assets and data from cyber threats.
The capabilities for defending against malware have evolved significantly, from isolated antivirus software on corporate servers and workstations to eXtended Detection and Response (XDR) systems that offer advanced threat protection by correlating security events across the entire IT service portfolio. This can include remote endpoints, cloud identity providers, SaaS and cloud-based applications, and network security appliances.
Decentralising perimeter protection
The evolution of technology has led to a blurring of once clearly defined network boundaries. This has caused the perimeter to become more dispersed, requiring us to adapt and evolve our security capabilities. Powerful security capabilities provided by next-generation firewalls now need to be provided by decentralised perimeter protection.
Decentralised perimeter protection is where the protection of an organisation’s assets is distributed across various points rather than being concentrated at a single place. Traditionally, security models relied on strong, centralised perimeters such as firewalls to protect everything inside a network. Today, organisations are moving towards more distributed and cloud-based environments. This is because cybersecurity is becoming harder to centralise as the nature of work changes, IT environments become more diverse and civil servants and council employees increasingly work remotely.
Using technologies such as Secure Access Service Edge (SASE), which connects distributed sites and users, and Zero Trust Network Access (ZTNA), which provides secure remote access, local authorities can protect both office and remote workers with robust security capabilities and ensure privacy through encryption.
Visibility of vulnerabilities
Ensuring a secure environment involves having centralised visibility of vulnerabilities such as security patching, misconfigurations, alignment to deployment best practices and secure baselines, all of which are consistently measured, reported and mitigated as they arise. Technology for vulnerability management, continuous assessment and reporting against the state of the environment using industry-standard threat intelligence helps to ensure a secure configuration on all systems at all times.
Despite the evolution of complex attacks such as Advanced Persistent Threats and Ransomware, social engineering attacks like phishing remain the most reported breaches. Mitigating these threats requires a two-pronged approach. While technologies like email malware protection can help detect and prevent attacks, increasing user awareness through cybersecurity training is also crucial. This emphasis on user education makes each individual feel responsible and integral to the cybersecurity process. Educating users to identify malicious or suspicious emails and credential-harvesting web pages is a key defence strategy as phishing attacks become more sophisticated. Technologies such as Privileged Access Management (PAM) are also important in limiting the damage that harvested or spoofed credentials can do by restricting the ability for escalation of privileges or the scope of the attack.
When a security incident occurs, organisations with a documented, tested and well-established incident response and incident management (IM/IR) process, where key cybersecurity and business stakeholders understand their responsibilities, reporting and escalation processes, can effectively mitigate or neutralise a threat.
Aligning people, processes and technology
The technology landscape, including tools, technology and vendors, is vast. Organisational defence strategies often consist of disconnected islands of capabilities that perform vital protection, detection and response tasks. At the heart of cybersecurity is central visibility of all this telemetry and the ability to correlate seemingly unrelated events to enable your cybersecurity professionals to make quick decisions. However, people, processes and technology must be aligned to be effective.
Updating IT infrastructure, increasing investment in security technologies and fostering collaboration between agencies are what’s needed to strengthen cyber threat defences.
We also mustn’t forget the importance of training. Employees or contractors with access to sensitive information may inadvertently compromise security, while inadequate cybersecurity training can lead to poor security practices, such as weak passwords or falling victim to phishing attacks. Enhancing public-private partnerships can greatly help mitigate risks in all of these areas and will help the public sector adopt a comprehensive approach to cybersecurity.