GPSJ WINTER 2023 2024 LATEST - Flipbook - Page 9
IT & IT SECURITY
linked to wider geopolitical tensions.
But this is not the only threat.
The survey found that careless or
untrained insiders (58%) still posed
a security threat despite all the work
that is done to make sure staff follow
cyber hygiene rules and protocols.
When pressed about what
threats kept them awake at night,
top of the list were trojans, spam,
and ransomware, with unsolicited
emails being the most common
threat impacting public sector
organisations over the last 12
months.
IT complexity continues to
perplex
Sascha Giese,
Tech Evangelist at SolarWinds
Merseyside was targeted in what
was believed to be a ransomware
attack.
In a report published by Computer
Weekly, the council admitted that
it had “put in place a number of
security measures to keep our IT
networks running safely.”
The council is not alone. A
report by insurance broking and
risk management firm, Gallagher,
published in 2022 found that UK
councils are hit by around 10,000
cyber-attacks every day. Its figures
were based on a Freedom of
Information (FOI) request that
investigated the scale of cybercrime
against UK local authorities.
“Based on the proportion of
councils who shared data on cyberattacks, the size of the problem is
likely to be significantly greater,” said
Gallagher.
The report went on to state that,
“scaling up these figures accordingly
to reflect response rates, the
true number of attacks across all
councils is estimated to be more
than 11 million in 2024.”
While these figures relate to the
UK, it’s clear that the escalation of
cyber threats — from rogue states
and cyber criminals — is a global
issue.
I n May, SolarWinds published
its eighth annual Public Sector
Cybersecurity Survey Report.
Although the report focuses on
responses from decision-makers in
the US, the findings should strike a
chord with governments, agencies,
and public sector bodies around
the world as they battle the everincreasing threat of cyber-attacks.
Foreign governments top list
of cyber security threats
With unmistakable echoes of the
UK’s first recognisable cyber-attack
by another state, the survey found
that public sector respondents now
see foreign governments (60%) as
the greatest source of IT security
threats to their organisations.
For those that work at a federal
level, foreign governments have
become a significantly greater
source of IT security threats with
reports nearly doubling from 2014
(34%) to 2023 (63%).
The recent spike in threats from
foreign states is more than likely
It’s clear that the pressures facing IT
professionals working in the public
sector are immense. Despite recent
pressures on the public purse, the
report found — for the first time —
that budgetary constraints were not
the most significant obstacles facing
the public sector in dealing with
cyber security.
Instead, IT complexity topped
the list with two-thirds (66%) saying
that their IT environment was either
“extremely” or ”very complex” to
manage. At the same time, only 5%
said they felt “extremely confident”
in their ability to manage these
environments, according to the
Public Sector Cybersecurity Survey
Report.
This finding underlines a
noticeable trend in recent years that
managing the IT systems of public
sector organisations is becoming
increasingly complex.
Hybrid IT adds to complexity
The post-pandemic shift to hybrid
working — for vast swathes of the
workforce, not just government
workers and other public sector
employees — has heaped even
more layers of complexity onto
already stretched IT systems
And in a bid to manage this,
technology departments have
reported an uptick in tool sprawl
as IT professionals seek a way to
manage their IT estate and keep it
safe. All too often, these disparate
tools can prove to be cumbersome
to implement and manage. They
can become costly to maintain
and scale, which in turn creates
operational and business risks.
In other words, the knock-on
effect of tool sprawl — deemed
to be a solution to increased
GPSJ
complexity — has simply made
things worse.
In fact, the SolarWinds survey
found that IT complexity has
increased across all public sector
organisations with the top three
barriers cited as an insufficient
number of IT staff (41%), followed by
time constraints (39%), and budget
issues (35%).
IT teams turn to zero-trust to
build cyber defences
These pressures — and the
increased threats from foreign states
and IT complexity — are helping
to provide a continued focus on
security and the importance of a
zero-trust approach.
According to the survey, 89% of
public sector respondents have
bought into the importance of
implementing a zero-trust approach
– up from 85% in 2021.
This hardening approach to zerotrust security — which assumes
no implicit trust within the network
and requires verification for every
user and device trying to access
resources — is a response to the
importance of growing threat levels.
And while cybersecurity should
always be uppermost in the mind of
IT teams, it’s not the only weapon in
their armoury.
Earlier this year, for example,
seven Russian nationals were
sanctioned by the UK and the US
for having links to ransomware
attacks in what was described as
the “first wave of new coordinated
action against international
cybercrime”.
Speaking at the time, the UK
Foreign Secretary, James Cleverly,
said the sanctions sent “a clear
signal to them and others involved in
ransomware that they will be held to
account.”
While the use of technology,
security tools, and best practices
are an important part of the defence
of critical infrastructure, the role of
government is also key.
When tackling cybercrime, it’s
not just the protection of sensitive
data that is at stake. National
infrastructure including transport,
utilities — even healthcare — are
also in the crosshairs of rogue
states. Governments and IT
professionals must do everything
they can to keep assets, data, and
people safe.
GOVERNMENT AND PUBLIC SECTOR JOURNAL WINTER 2023/2024
9