The reality of cyber risk in today’s public sector (Guest blog by Canon)

Since the pandemic and the shift to hybrid working, the public sector has expanded far beyond its traditional parameters, with the majority of its organisations today becoming increasingly digital. Whilst this has brought many benefits, the acceleration of digital transformation has not come without its risks.

Over the last few years, we have seen a huge increase in cyber-attacks as criminals have sought to take advantage of vulnerable, dispersed workforces. A poll released by Allianz-Versicherung earlier this year, revealed that cyber incidents have now become the most important business risk. When we look at the public sector in particular, UK councils have been targeted with an average of 10,000 cyber attacks daily since the beginning of 2022.

It is important that organisations understand the very real and severe impacts that cyber-attacks can have – and this is not only limited to a government body’s financial losses and reputational damage. Interruption to any part of the UK’s critical national infrastructure could cause serious disruption to our lives, the economy and public safety. It is also important to note that the impact of cyber crime on public sector organisations is often felt more by those who are less financially secure and who may depend more on their local councils and the wider public sector for essential services.

Public sector cyber-attacks are particularly destructive because of the number of lives they impact. Several attacks on local councils have left systems unavailable for staff to deliver essential services, leaving them with months of painstaking work in order to recover. 

As cyber crime continues to evolve as a profession, it is becoming increasingly difficult to prevent – a harsh reality organisations must come to terms with. Whilst the need for information security has never been more urgent, the focus needs to be on managing risks rather than eliminating incidents - with a mindset shift towards cyber resilience rather than prevention. 

Strengthening cyber resilience

While prevention cannot be guaranteed, cyber resilience refers to the ability to detect, respond to and recover from cyber-attacks.

This starts by opening up conversations with employers and colleagues about the resources that are available to them. There are many instant response exercises and training resources that can better equip employees for when a cyber-attack takes place.

For example, Cyber Griffin, founded by the City of London Police, has developed a useful resource which supports businesses, including public sector organisations, which are located within London’s square mile. The resource aims to protect infrastructure  from cyber crime and includes award-winning table top exercises to explore the decisions that people make in order to protect themselves from modern day threats.

What actions are needed?

With the nature of cyber crime constantly evolving, organisations must endeavor to develop resilience. It’s impossible and impractical to stop every attack, so focus on staff training and recruitment to enhance levels of expertise. Cyber security audits can also help identify risks and ensure that technology and processes are robust and up to date.

IT departments must look to implement vital technology such as software security updates, patching, data backup systems and tighter verification methods for employees.  Monitoring cyber trends in the media, and adapting accordingly, can also help maintain stronger systems for the long term.

Organisations should also consider UK Government backed scheme, Cyber Essentials, which helps to protect against a wide range of the most common cyber-attacks.  There are also a number of insurance policies available, which can provide cyber crime response services, in the unfortunate event of an attack taking place.   

Overall, public sector organisations must continue to evolve their cyber security posture in line with the rising ambitions of attackers. With threats only set to get more sophisticated and targeted, the public sector must arm themselves with the right technology and processes to mitigate cyber risks for the future.

To discover more about Canon UK and Ireland’s work with the public sector, please see: https://www.canon.co.uk/business/solutions/public-sector-procurement/central-government/

Help to shape and govern the work of techUK’s Cyber Security Programme

Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.

*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.

Upcoming events 

Get involved

All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.

Cyber Security Management Committee

The Cyber Management Committee sets the strategic vision for the cyber security programme, helping the programme engage with government and senior industry stakeholders.

Cyber Security SME Forum

The CSSMEF is comprised of SME companies from the techUK membership. The CSSMEF seeks to include a broad grouping of different SME companies working in the Cyber Security (CS) sectors.

Authors

Quentyn Taylor

Senior Director - Information Security, Product Security and Global Response, Canon EMEA

Using the power of stories and his own experience of testing products to destruction; Quentyn has embraced building business relationships across the world - whilst driving Canon’s strategy and educating business customers around minimising their security risk. Before joining Canon, Quentyn worked in a variety of industries, including Internet service providers and startup businesses.