Top 3 Cyber Security Concerns in Public Sector in 2021
This piece was contributed by Dominik Birgelen, CEO of oneclick AG.
Almost everyone can recall a time they were almost hacked or at least targeted for a breach. This goes the same for organisations, with a reported 88% of organisations targeted for spear-phishing attempts in 2019. These attempted breaches are also becoming harder to identify as cyber-attacks due to their ability to look like genuine emails, calls or notifications. Especially during the COVID-19 pandemic as entire workforces took to the internet, phishing attacks increased dramatically.
Yet, the public sector has perhaps more to protect and less infrastructure to do this. In other words, it is no secret that the public sector is often considered to be a ‘soft target' for cyber-criminals. Not only is the sector known for using older, legacy technologies, but it provides access to numerous third party suppliers that opens up a whole new gate of insecurities. Take the NHS as an example, countless outsourced suppliers are contracted for various reasons whether that's medicines optimisation or system assurance support. With so many points of entry, it is these kinds of organisations often targeted by malicious hackers.
What's more, unlike the private sector, public sector organisations need to ensure that any expenditure on IT represents good value for taxpayers money. Money also makes the sector a key target for hackers and political gain through accessing government systems that can be used to influence elections on a local or even national level. The prospects for this kind of data is endless in the hands of a hacker.
Add extra security with the cloud
Technology is helping to solve many of the public sectors challenges and protect various institutions through advancements in the digital landscape. The evolution of cloud computing, which was traditionally valued for its cost saving capabilities, is now invested in its enablement for future innovation. Cloud-based technologies also allow public sector institutions to implement critical cybersecurity measures that prove extremely difficult to penetrate including shielded logins, disconnecting the end user environment and Zero Trust Architecture (ZTA).
Moreover, the National Security Agency's (NSA) recent issuing of the latest cybersecurity guidance on ‘Zero Trust Security Model' in February 2021, was an important step. The report encourages deploying a Zero Trust security principle to better position cybersecurity professionals to secure enterprise networks and sensitive data. The National Cyber Security Centre (NCSC) also advises on migrating to a ZTA through knowing your architecture, including users, devices, and services. This is to ensure critical components are more isolated.
Now, organisations public or private are encouraged to get their hands on cloud-based solutions that exercise the ZTA already built in for this exact purpose.
Perhaps the most pressing threat to healthcare organisations operating in the public sector today is securing third-party systems. As previously mentioned, the most significant health organisation in the UK, the National Health Service (NHS) relies extensively on third-party suppliers to withstand the demand at which it is met with. An expanded ecosystem made up of different suppliers, treatment centers, insurance providers, manufacturers and many more opens up more areas and vulnerabilities for an attack.
Healthcare institutions can look to easily implement the offerings of cloud-based solutions via shielded logins to external partners they're dealing with. Using an authentication service whereby the user's logins are transported via the browser as a client, all other authentication processes are performed by backend systems. This means an extra layer of protection is provided when coordinating third-party involvement. Additional processes in the cloud can be implemented for further security, such as dynamically generated, unique passwords and tokens that the service provider not stored, so that the login information to applications remains hidden for all other users.
National defence, no doubt a vulnerable sector just by nature. However, the cyber threat landscape facing governments and global defence organisations is always changing and hugely complex. Successful cyber attacks can compromise missions and reduce the ability of a military force to function effectively. Therefore, implementing secure cybersecurity defences are absolutely essential when defending systems networks against hostile actors with these motivations. Malware and phishing attacks exploit vulnerabilities on unpatched computers that are the common cause of data breaches.
It is here that a ZTA comes into its own. With a policy that questions every entry attempt, no actor who wants access to defence resources or services in the network is trusted from the outset. What's more, the state-of-the-art solution checks users each time they log in, but their trust status is continuously queried during the sessions. As soon as a slight red flag is reported, the granted access is automatically interrupted and revoked. A cloud-based system that authenticates all individuals, inside or out makes the optimum security solution for defence organisations.
Responsible for the collection of taxes in the UK, HMRC makes a tempting target for malicious hackers. With the majority of public servants having to work from home during the COVID-19 crisis, securing remote access to thousands of employees presents a huge security risk. Immense amounts of personal information and sensitive data is on the line as public servants work across multiple departments to keep the institution running throughout a time of huge disruption.
Cloud solutions that disconnect the end user environment from the corporate hosting environment offer these types of institutions a way to cease employee error and negligence altogether. What's more, certain cloud security softwares only grants access to shared applications rather than the entire corporate network, in the case of HMRC. This allows top-level managers to restrict access to data and ensures that sensitive files can only be downloaded from the server to the end device.
The public sector, just like the rest of the world, has had to remain vigilant to concerns over cybersecurity over the past 12 months. With the majority of data involved, highly sensitive and secured for the protection of the general public, many institutions are made prime targets for malicious hackers. Innovative cloud-based solutions can offer a solution. Implementing end-to-end cloud security systems provide simple yet highly effective barriers for intrusion. Sensitive data cannot afford to wait therefore investing in secure cloud solutions today will ensure safety for tomorrow.