Legacy systems, inefficiency and siloed working are contributing to cyber threats in government and the public sector.
That’s according to Lou Mahanty, managing director of Stratia Cyber, an independent cybersecurity consultancy which provides services for commerce and government, including defence.
Mahanty describes the “initiative-heavy government space” as “a morass of coordinated and uncoordinated activity” undertaken by organisations at different cybersecurity maturity levels.
As such, Mahanty tells TDP there are a range of cybersecurity challenges in delivering citizen services.
“There is a general gravitation towards delivery of shared and discrete services through all of the cloud derivatives,” he said. “There is also dispersed business unit procurement, approvals and operational autonomy. This is reflected in a broad IT real estate including significant shadow IT, software choices, supplier diversification, levels of IT literacy and, most recently, a huge proliferation in user devices and the attendant rules on use.”
However, he said the most difficult cybersecurity space is at interfaces: between user and access to services, handoffs between central and local government, and linkages to the supplier ecosystem.
You might also like
“Beginning to overcome these has to be a judicious combination of good cyber practices, good cyber surveillance and test, user education, and sensible guidance to all organisations,” Mahanty noted.
“Current observations from our team of consultants engaged in big government departments encompass the topics of legacy systems and inefficiency, often so profuse and disjointed that risk must be escalated to the highest common level for remediation.
“Remediation itself is an increasingly difficult challenge as a result of outsourcing, meanwhile siloed working across both central and local government organisations remains an issue – taking steps to reduce this is critical to avoiding deviation from the overall strategy.”
To improve the situation, the exec said organisations must acknowledge that there is a problem, and check that there is an appetite and the means to tackle the problem.
“Then and only then, will they be able to avail themselves of properly accredited and experienced individuals who can deploy meaningful skills and tools to accurately assess the risk envelope, pinpoint risk management regimens, and help to develop remediation at an enduring and sustainable pace,” he said.