Editorial

How to ensure digitalisation and cybersecurity keep in step

Sascha Giese, Head Geek at SolarWinds discusses how the switch to remote working has made public sector cybersecurity more difficult than ever before, and how organisations can rise to the challenge.

Posted 11 October 2021 by Christine Horton


Technology and digital services have been a lifeline over the past 18 months—we’ve heard this time and time again in recent months, and it’s true. Particularly in the public sector and the government itself, digitalisation has enabled decades-old services to be renewed and refreshed to provide better quality care and support to the wider public.

However, as more services become digital, the more risks the sector opens itself up to. Cybercriminals take advantage of any new technology available to them, often with the intent of breaking through cybersecurity measures to access unauthorised data. The impact a successful attack can have is unimaginable. Not only in terms of cost—which it’s predicted will be $10.5 trillion worldwide annually by 2025—but also in loss of critical infrastructure and services when it comes to the public sector.

Cybersecurity must therefore be at the centre of all IT, especially in the public sector. But this is harder than it was two years ago, since digitalisation has accelerated rapidly to cope with the unprecedented circumstances. According to research from the SolarWinds IT Trends Report 2021: Building a Secure Future, while security breaches are still perceived as the biggest external factor influencing risk exposure, the boost in distributed working is a key concern for IT professionals in the public sector. Nearly one in five (18 percent) respondents identified their top risk concerns as a distributed workforce, employee relocation, and remote work policies, while 15 percent flagged the exponential growth of data due to new work from home needs.

Managing risk from morning ‘til night

Cyber risk can’t be ignored, and IT pros are fully aware they need to maintain strong defences against this. The SolarWinds report revealed respondents’ top three technologies believed to be most critical to managing or mitigating risk within their organisations:

  • 40 percent ranked security and compliance
  • 35 percent ranked artificial intelligence (AI) and machine learning
  • 25 percent ranked network infrastructure, automation, DBaaS solutions, and ITSM and/or ITAM solutions

However, the report also identified the challenges these professionals face in implementing these vital technologies in their own organisations. Almost half (48 percent) of respondents said currently offered IT management solutions lack features or functionality to meet tech professional needs. Forty percent stated lack of IT management solutions and tools available within their organisation, as well as poor management and lack of direction, were also barriers to adoption.

Integration problems were also recognised as a challenge, with 40 percent of respondents reporting how despite some of their monitoring or management tools being integrated to enhance visibility, many other tools continued to be siloed.

Security tips for peace of mind

There are three crucial ways in which public sector organisations can work to drive digitalisation forward without compromising their security: integrated security, regular penetration testing, and automation.

Integrated security systems

Integrated security increases the visibility teams have over their network, enabling them to identify threats more quickly, and manage the network more smoothly. A multi-faceted approach is ideal, as organisations can address their individual requirements in a tailored solution, from using devices with built-in security measures, to ensuring strict security settings are the default in their application suite.

Penetration testing

To ensure weak points in security systems are identified and resolved as quickly as possible, regular penetration testing is necessary to seek out these vulnerabilities. Cybercriminals will use every chance they can get to take advantage of an unsecured system, with attacks able to go undetected despite the most sophisticated log management and signature-based deep package inspection. To prevent attacks slipping through, organisations should use testing solutions that come with an intelligence feed to cover these unknown, ‘zero-day’ threats.

Automation

For any organisation’s security team, automation should be utilised to its full potential to assist experts in monitoring for cyberthreats, particularly when resources are low. Automation can be used, for example, to constantly scan web applications to detect vulnerabilities and threats. But detecting threats and being able to act on it are two very different things, and the necessary infrastructure is also required to ensure IT teams are alerted whenever a threat is identified, so they can prevent or resolve any damage.

The outsourcing dilemma

To improve cybersecurity, public sector organisations can do one of two things—outsource the security efforts to a specialist third party or continue to run them in-house. The former, working with a trusted third party, is a popular option as it enables organisations to focus on their purpose and leave the security decisions to the professionals. It’s often affordable and easy to work with, and ensures organisations benefit from the latest security measures.

However, depending on the organisation it may be necessary to keep security in-house, and therefore managed software solutions—when chosen well—are the best option. The most effective solutions will incorporate automation, proactively identify threats, and analyse data from threat reports to block future attacks.

The journey to digital transformation shouldn’t cost an organisation its cybersecurity, so they need to keep on top of their protective measures. Regardless of the choice made between third-party or in-house security solutions, public sector organisations need their security to be up to scratch with all the key requirements discussed above. Digitalisation can only truly be achieved if security is part of the discussion from step one.