‘Threat of largescale damage to UK public sector’ warns think tank

Reform calls on the government to address failings in public sector cybersecurity

Posted 16 October 2020 by Christine Horton

A new report has described the UK public sector as vulnerable to cyberattacks.

The report, issued by the think tank Reform, points to a reliance on outdated systems and “patchwork” cybersecurity. It calls on the government to address this in the next update to the National Cyber Security Strategy to be published soon.

“Without sound infrastructure, investment in maintaining or updating that infrastructure, and a cyber-aware workforce, there is a threat of largescale damage both to the UK public sector and wider society,” noted the report.

In its conclusion, it said: “The Government needs to take greater action to address the digital skills gap in the public sector workforce. Basic IT processing and understanding of vulnerabilities across the workforce is paramount to security. This can be achieved through more rigorous training schemes.

“More effective maintenance of infrastructure across the sector is also needed. Legacy systems make organisations vulnerable if not maintained properly, and stricter enforcement methods, such as a yearly audit, would aid this.

“Finally, spreading good technology would help to solve the local-national divide. Central government can facilitate this with clear manufacturing protocols and kitemarking cyber-secure products, which can increase security across the board.

“The UK has set the ‘gold standard’ in terms of cyber security policy, the next iteration of the NCSS should address these issues to maintain the UK’s position as a world leader.”

Clear warnings

Commenting on the findings, Faiz Shuja, co-founder & CEO at security firm SIRP Labs said they highlight the UK public sector’s lack of readiness to withstand another WannaCry-like attack – despite clear warnings.

“Highly damaging ransomware attacks are on the rise. Since July the US Cybersecurity and Infrastructure Security Agency (CISA) has registered 16,000 alerts for Emotet alone. Meanwhile, earlier this week, London’s Hackney Borough Council became the latest UK public sector body to experience a major cyberattack,” he said.

“Our advice to customers is to regularly stress test your Security Operations Centre (SOC) with table-top exercises and attack simulations. This is the surest and most effective way to understand where your vulnerabilities lie and how quickly you would be able to respond should an attack occur. Wherever possible, security teams should have access to tools that show the organisation’s risk profile at-a-glance so they can make fast, informed decisions about the nature and context of threat alerts.”

The report is at odds with research published recently that said government tops the list of sectors most able to withstand a cyberattack in 2020. That research, however, was based on global findings and not specific to the UK.