It has not gone unnoticed how every part of daily life is becoming increasingly online. With this comes greater pressure on ensuring that data, personal or professional, is kept safe and secure.
According to the Cyber Security Breaches Survey 2024, the past year has seen half of business and a third of charities suffering from a cyber breach, with the public sector not being exempt from being targeted by cyber criminals. In this case, organisations in the public sector risk exposing sensitive information about residents, or the inner workings of the organisation.
In order to discuss the biggest threats to cyber security, and how it can be improved, Public Sector Executive hosted the 2024 Public Sector Cyber Security Online Conference, bringing a number of experts together in front of PSE’s audience.
Some of the organisations that were represented at the conference included:
- National Audit Office
- Department for Work and Pensions
- Cabinet Office
- Ministry of Justice
- West Midlands Combined Authority
Secure by Design Digital Transformation
To try and drive digital improvements, councils spend approximately £1bn to £2bn on IT every year, with up to £1bn being used to maintain systems that are outdated. By maintaining legacy IT systems, organisations are making themselves vulnerable thanks to the poor integration that exists between the modern solutions and the old IT – this could then lead to millions of pounds worth of recovery costs.
Discussing how the sector can become secure by design and use cyber security as a foundation for successful transformation, host Nicole Norman was joined by Jonathan Pownall (National Audit Office), John Keegan (Department for Work and Pensions), and Babatunde Cassim.
“Legacy and data are two of the big issues that government is facing when it comes to digital transformation” – Jonathan Pownall
Safeguarding Data
The second session of the day was delivered in partnership with Armour Comms, and saw David Terrar (Cloud Industry Forum), Glen Hymers (Cabinet Office), Andy Lilly (Armour Communications), and the returning Jonathan Pownall come together to discuss the data challenges that public sector organisations face and what improvements might be required.
This comes pane; against a backdrop of recent cyber-attacks leaving an increased level of concern around the safety of data.
“What we’ve experienced in the last 18 months with generative AI, they’ve great for productivity in organisations… but they’re also available to the bad actors, so that makes (safeguarding data) more of a challenge.” - David Terrar
Cyber Resilience
By improving cyber resilience, organisations are better placed to not only protect against, but also detect and respond to, cyber-attacks. With the government’s Cyber Security Breaches Survey 2024 finding that 97% of breaches could have been prevented with modern services, cybercrime is costing the country around £4.6 billion every year. Once an organisation has been breached, it is key that they are able to quickly restore their functions to ensure that service delivery is not disrupted.
To discuss this, and understand the four key steps of cyber resilience, the third panel discussion of the day brought together Cllr Abdul Jabbar (Oldham Council), Sean Busby (Ministry of Justice), and Anthony James Garrett (Essex County Council).
“I think the challenge with local authorities especially, but public bodies generally, is that there’s only so much resource to go around.
“You have to be realistic about your spend… define those things that are most important to you. Ultimately resilience is about absorbing the impact of something and then being able to recover from it.” – Sean Busby
How to Tackle Social Engineering
One method that cyber criminals use to get into an organisation is social engineering. This approach uses psychological manipulation to make users think that they are interacting with a safe source, rather than someone who wishes to access the data that they hold. Phishing is one of the more famous of these approaches, with 84% of businesses and 83% of charities seeing users deceived into inadvertently causing a breach.
Discussing this issue was Scott Barnett (NHS National Services Scotland), Tony Proctor (West Midlands Combined Authority), Rachael Medhurst (University of South Wales), and Sean Busby.
“Training is a massive factor, but it's also about how the training is done. Is it being tested?
“If a member of staff has just jumped straight through it, what have they learnt from that?” – Rachael Medhurst
Keynote – Simon Salmon
Delivering the day’s keynote was Simon Salmon (Nottingham City Council), who explored how organisations can make the most of their projects to ensure cyber resilience.
Simon discussed how organisations across the sector are all working with budgets that are either finite or shrinking, despite the threat landscape increasing. Delving into his work at Nottingham City Council, Simon raised the issue of ensuring that all assets are protected with different levels of security, whilst also making sure that all assets are accounted for.
“If we’re going to protect something, typically we protect in order of value.
“We instinctively, as individuals, protect according to asset value. If we don’t know what assets we have, how can we protect them?” – Simon Salmon
AI Innovation and Safety
The final session of the day was focused on artificial intelligence and how the public sector in the UK can become a leader in the development of safe, responsible, and transparent AI, whilst laying the foundation for future innovation within the sector. Alongside this, the panel discussed how AI can improve productivity and efficiency across working practices.
Exploring this matter was Sherin Mathew (West Yorkshire Combined Authority), Chris Faires (Hertfordshire County Council), and David Terrar.
In order to gain the key insight on offer from the experts who took part in Public Sector Executive’s 2024 Public Sector Cyber Security Online Conference, watch on demand now.