Public Sector Focus

11.12.17

Public sector cyber security needs to fight back

Getting security wrong during the transition from paper to digital could mean a loss of public confidence in new services, argues Graeme Stewart, director of public sector at Fortinet UK&I.

From ransomware attacks against the NHS, to cyber-attacks on parliamentary email accounts, it’s safe to say that it’s been a bad year for cyber security in the public sector. Technology may be one of the UK’s fastest-growing industries, but the public sector is still faced with risks that arise during the transition from paper to digital.

Public sector organisations across every service stand to lose valuable data which is vulnerable to criminals. This can range from high-value research from universities to patient records and even sensitive information shared by government officials. So why is the public sector struggling to prevent cyber-attacks?

Budget constraints are universal across all public sector services, and IT managers are increasingly finding themselves tasked to do more with less. As a result, basic security hygiene has always been an Achilles heel for public sector organisations. The most high-profile example of this is the recent WannaCry attack, which crippled the NHS and was able to spread due to a failure to patch a known exploit. Security is unfortunately not seen as an enabler to business operations, so even basic security practices can fall by the wayside. Fostering a culture of security amongst employees at every level is key to putting a stop to preventable cyber-attacks and must be factored into any cyber security program. This means encouraging employees to update systems regularly and to be wary of suspicious emails and links.

The rapid transition from paper to digital means that the public sector is also faced with a widening cyber security skills gap, with industry estimates suggesting that there could be up to three million unfilled jobs in the cyber security industry by 2021.

The issue is compounded by few graduates with the necessary skills. The government has started to take action with initiatives such as the Cyber Schools Programme, which aims to provide young people aged 14-18 with cyber skills by 2021. A complete overhaul in how cyber security talent is developed should play a key part in defending the public sector from cyber-attacks.

Another issue holding back public sector cyber security efforts is that many organisations see cyber security spend as an unnecessary cost of business, with minimal ROI. This is a damaging misconception, especially for public sector organisations looking to minimise costs. When you consider that a medical record is worth 10 times as much as a credit card number on the black market, it’s no surprise that research shows 34.4% of all breaches worldwide are hitting the healthcare industry. There is a cost associated with breaches but, aside from the financial impact, breaches can bring about lawsuits and regulatory penalties and compromise not only patient data but patient care. As we saw with WannaCry, when malware prevents NHS staff from accessing systems, the ability to deliver care is affected.

With research from Vanson Bourne showing that the NHS alone is projected to save £15m a year by investing in cyber security, it should be viewed as an enabler to allow operations to not only become more agile, but to also save money. In order to unlock the potential of digitisation, public sector organisations must prioritise cyber security, which will in turn improve quality of patient care and levels of patient trust.

Whilst the UK government has pledged to bolster the public sector’s cyber security systems with a £21m investment, it is pivotal that escalating issues such as the skills gap, legacy systems and employee education are addressed. At a time when public sector budgets are already being cut, getting security wrong during the transition from paper to digital could mean a loss of public confidence in new services. Not only this, but with the introduction of the General Data Protection Regulation in May 2018, public sector bodies must ensure that they avoid fines. However, loss of public confidence in services could be much more damaging in the long term. It’s vital that organisations prioritise educating employees about the dangers of phishing and social engineering.

FOR MORE INFORMATION
W: www.fortinet.com

Comments

There are no comments. Why not be the first?

Add your comment

 

public sector executive tv

more videos >

latest public sector news

Birmingham City Council’s children’s social care services avoids ‘inadequate’ rating

17/01/2019Birmingham City Council’s children’s social care services avoids ‘inadequate’ rating

Birmingham City Council’s children’s social care services have broken a decade of ‘inadequate’ ratings after Ofsted inspe... more >
Oxfordshire County Council moves forward with £50m-savings transformation plan which could see 900 jobs lost

17/01/2019Oxfordshire County Council moves forward with £50m-savings transformation plan which could see 900 jobs lost

Transformational plans for Oxfordshire County Council could see 890 jobs lost in a bid to save £50m, as councillors meet today to discuss t... more >
Mayor-elect quits over controversy surrounding wife’s involvement in TV executive murder case

16/01/2019Mayor-elect quits over controversy surrounding wife’s involvement in TV executive murder case

The mayor-elect of the London Borough of Redbridge has dramatically withdrawn his nomination after it emerged that his wife was involved in the b... more >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this... read more >

last word

The importance of openness after Grenfell

The importance of openness after Grenfell

Following the recent Grenfell Tower tragedy, Lord Porter, chairman of the LGA, argues that if the public are going to have faith in the safety testing process then everything must be out in the o... more > more last word articles >
149x260 PSE Subscribe button

the raven's daily blog

Top 5 reasons why you should claim your free EvoNorth delegate pass today

17/01/2019Top 5 reasons why you should claim your free EvoNorth delegate pass today

If you're looking to find out what's happening in the Northern Powerhouse, make new connections, and share innovative ways of working, confirm your attendance for EvoNorth on 27 - 28 Feb 2019. 1 - You'll gain an invaluable insight into what's happening across the north We have a wide range of speakers from across a number of sectors comi... more >
read more blog posts from 'the raven' >

comment

Government accountability: A year in crises

15/01/2019Government accountability: A year in crises

From Windrush to Univerisal Credit: the Institute for Government’s (IfG’s) accountability lead Benoit Guerin discusses how we can ave... more >
Rethinking public-private partnerships

15/01/2019Rethinking public-private partnerships

Trinley Walker, senior policy researcher at the New Local Government Network (NLGN) considers some different ways of approaching the relationship... more >
Fracking: divest to invest

07/01/2019Fracking: divest to invest

Deirdre Duff, divestment campaigner at Friends of the Earth, takes a look at local authorities’ role in fracking. The fossil fuel indu... more >
Building credit with the public sector

07/01/2019Building credit with the public sector

Mark Morrin, localism lead and principal research consultant at ResPublica, makes the case for salary-deducted lending to sit alongside a broader... more >

interviews

Digital innovation in the public sector: The future is now

17/12/2018Digital innovation in the public sector: The future is now

One of the public sector’s key technology partners has recently welcomed a new member to its team. Matt Spencer, O2’s head of public ... more >
Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need to invest in technology to help make better use of their resources. Bu... more >
New Dorset Councils CEO on the creation of a new unitary: ‘This is going to be the right decision for Dorset’

05/11/2018New Dorset Councils CEO on the creation of a new unitary: ‘This is going to be the right decision for Dorset’

The new chief executive of one of the new unitary authorities in Dorset has outlined his approach to culture and work with employees, arguing tha... more >
Keeping the momentum of the Northern Powerhouse

15/10/2018Keeping the momentum of the Northern Powerhouse

On 6 September, the biggest decision-makers of the north joined forces to celebrate and debate how to drive innovation and improvement through th... more >