An Increasing Threat
In a recent, large-scale survey by OneAdvanced, 38% of central and local government employees reported that their digital systems are ‘very secure’, 47% said their systems are ‘secure’, and 5% felt their systems are ‘not secure’. One in 10 said they were unsure.
These figures suggest a fairly high level of confidence in the security of current systems, although there is enough doubt here to be of concern. This doubt is understandable given the ever-evolving nature of the threats we face today; cyber-attacks are becoming more pernicious, more widespread, and more sophisticated.
And while there is an important discussion to be had about the reasons for these increasing attacks, the key question remains: how can we equip ourselves to tackle cyber threats in the most effective way possible?
Education, Education, Education
When evaluating digital security measures, senior leaders must collaborate with IT teams to put education at the forefront. All staff, at every level of the organisation, must be particularly aware of phishing attempts – typically emails and other messages designed to appear as though they come from a legitimate source. Phishing attempts make up 86% of all cyber-attacks – the importance of being able to recognise them cannot be overstated.
Phishing emails are an entry point for ransomware, the form of malware that hit Redcar and Cleveland in 2020, costing the government an estimated £10m. The infamous WannaCry ransomware attack on the NHS in 2017 was even more damaging, costing an estimated £92m in lost output and IT resource.
Years on, and it appears that government organisations remain vulnerable. A recent parliamentary committee has found that local and central and local government bodies remain open to a ‘catastrophic attack’ that could ‘bring the country to a standstill’ if robust planning measures and systems are not put into place.
Safeguarding IoT
Another common area for cyber-attacks is through IoT (Internet of Things) devices. These days, an increasing number of common devices are in-built with internet connectivity; this increases the attack surface, making organisations more vulnerable to network attacks. Threats include spyware, malware, data theft, and DoS (Denial of Service) attacks.
In local government organisations, IoT devices are commonplace; in office-based environments, examples include smart lighting, smoke alarms, door locks and alarm systems. However, IoT devices have also been deployed on a large scale in the public domain – a result of searching for efficiencies in an era of significant underfunding.
The deployment of IoT devices has formed a large part of government strategy – local authorities and other public bodies have been encouraged to install smart streetlights, intelligent waste management systems, and social care monitoring devices. While these devices may have brought greater efficiencies, they have also increased the chance of attack. In order to mitigate these threats, local government organisations should take the following steps:
- Ensure endpoint protection: endpoints may consist of laptops, mobile devices, and digital printers, on which sensitive data can be stored. Organisations should ensure they have robust endpoint security software in place.
- Prioritise gateway security: this acts as an added layer of security by allowing only authenticated data to pass from one IoT connected device to another.
- Secure networks through MFA: access to networks should be controlled through multifactor authentication, ensuring only verified devices are allowed access to the network.
- Keep software and firmware updated: by updating devices (ensure automatic updates are turned on), organisations are better protected against real-time IoT threats.
- Create strong passwords: employees should create complex passwords containing special characters, numbers, and upper and lowercase letters – these should be changed on a rolling basis.
Management Matters
There are a number of reasons why on-premise security management may not represent the best solution for local government organisations. With issues surrounding cost, skills, and capacity, authorities may consider outsourcing digital security to an experienced 3rd party.
While sensitive public data is best protected in-house on highly secure systems, other areas of the organisation can be managed on a subscription basis. This will ensure the right level of expertise is delivered, and can often result in significant cost savings. Outside management also means that resident IT staff can focus on a multitude of other tasks.
OneAdvanced takes a proactive approach to systems protection by conducting regular vulnerability scanning to identify potential weaknesses. This ensures patches and updates are applied to safeguard critical assets from emerging threats. The team at OneAdvanced also offer consultancy services, providing tailored guidance to address the specific needs of local government organisations.
Don’t miss the OneAdvanced Government Summit in London on 18 September, 2024 – free for local government employees. Spaces are limited, register today.