Editorial

Cybersecurity must be top of the agenda for public sector organisations

Chris Roberts, director of public sector sales UKI at NetApp, discusses how public sector organisations across healthcare, education and policing can fortify their cybersecurity efforts to stay ahead of the evolving threat landscape.

Posted 20 December 2023 by Christine Horton


The digital transformation of the public sector is rapidly accelerating. However, the growing integration of smart technologies into the infrastructure of public organisations means there are an increasing number of devices and opportunities for threat actors to target. In fact, the UK’s Information Commissioner’s Office (ICO) recently issued an advisory to public bodies urging them to “stop using spreadsheets” in the wake of mounting data breaches against public bodies.

It’s difficult to overstate how crucial cybersecurity is to this sector. These organisations store some of our society’s the most sensitive data – from healthcare records, to police files and even government data. But even with the ongoing need to do more with less, and stretch existing resources as far as they can, public sector organisations cannot afford to compromise on cybersecurity.

The cybersecurity landscape

The UK’s public sector and its critical digital infrastructure continue to be increasingly popular targets for cyberattacks, including ransomware. This is partly because attackers may hope a public sector body is more likely to meet their demand for a ransom, rather than risk compromising the sensitive data it holds.

To put this threat into context, last year the Office for Budget Responsibility (OBR) published a report revealing that a major cyberattack or ransomware attack on the UK government could lose the UK as much as 1.6% of the country’s GDP. Elsewhere, local councils across the UK are also facing an onslaught of attacks. For example, one local council authority has been fighting off over 30,000 cyberattacks each month.

In light of this, it is easy to see the public sector’s efforts to digitise as something of a mixed blessing. The pandemic and hybrid work have accelerated the journey of many organisations to the cloud. However, this rapid transition has also created complications with data management, as data is increasingly being created in a diverse range of storage environments including on-premises, in the cloud, and on the edge. All of this adds further complexity and, in our experience, this complexity is one of the biggest enemies of cybersecurity. Instead, simplicity is king.

More cybersecurity with fewer resources

So, with all of these factors at play, how do we deal with all of this? How can public sector organisations fortify their cybersecurity, and establish strong data resiliency in multicloud environments?

Public sector organisations should move towards a more holistic and proactive approach, intended to protect as well as detect, respond, and recover. After all, cyber-resilience must ultimately offer permanent business continuity through the fastest possible data response and recovery capabilities.

Cloud applications and storage services are robust. However, these often lack data protection in their service availability by default. Ultimately, the responsibility for safeguarding data against threats like corruption, viruses, and accidental deletion falls on the organisation.

This is why implementing a hybrid cloud data protection shield is crucial. It ensures data security and rapid recovery in the event of a disaster, potentially resulting in cost savings by moving disaster recovery operations to the cloud, freeing up data centre space and storage infrastructure for other investments.

Data protection should be a cornerstone for every form of data infrastructure and broader cybersecurity strategies. It allows for rapid recovery of data regardless of where it is stored, whether on-premises or in the cloud. Most importantly, this successful data protection shield matches the flexibility and agility of the hybrid cloud.

Embrace Zero Trust models

The public sector is aware that their digital assets – their data – are often their most valuable assets. As a result, implementing user access controls is vital to protect data, allowing employees to access only to the data that’s necessary for their roles.

Secondly, another important safeguard can be created by using multiple recovery endpoints. This makes data immutable and indelible, ensuring data recovery even in the face of unauthorized access. On this front, following the 3-2-1-1-0 rule is the best practice. Having multiple copies of the data, stored across different formats such as on on-premises hard drives and in the cloud, can ensure secure backups are available in the event of a breach.

Similarly, multi-factor authentication can provide an additional layer of security, preventing unauthorized access to sensitive data and systems in the event of credential compromise. Organisations must also consider the potential threats from within, while also strengthening the admin verification processes to prevent insider threats and rogue admin actions alike.

Digital transformation starts with cybersecurity

In the context of shrinking budgets and the imperative to do more with less, a robust cybersecurity strategy underpins the success of the public sector’s digital transformation. Having this in place not only mitigates the risks associated with data breaches and cyber-attacks but also ensures cost-effectiveness, as the potentially exorbitant consequences of security incidents are avoided.

Additionally, this proactive approach is essential in the constantly evolving cyber landscape. In essence, a well-designed cybersecurity strategy is not just a safeguard against risks; it can also empower organisations to navigate the challenges of constrained budgets while embracing innovation and efficiency.

Event Logo

If you are interested in this article, why not register to attend our Think Digital Identity and Cybersecurity for Government conference, where digital leaders tackle the most pressing issues facing government today.


Register Now