Editorial

Government cyber resilience: where to start?

With the UK at high risk of a catastrophic cyberattack, Stephen Oliver, senior director of North EMEA, Gigamon, looks at how the public sector can improve its cyber resilience.

Posted 2 January 2024 by Christine Horton
Resilience can mean a lot of things to public sector organisations. The last few years have highlighted significant gaps in the operational and economic resilience of many of them, forcing leaders to contend with global pressures that affected the availability of and access to skilled labour, supply chains, and economic forecasting. Worryingly, these pressures have perhaps overshadowed another essential form of resilience: cyber resilience, which a recent Parliamentary report has brought to the forefront.

The Joint Committee on the National Security Strategy found the government to be “ill-prepared” for a coordinated cyberattack on its critical national infrastructure (CNI), leaving it at “high risk” of a “catastrophic” ransomware attack. With public sector institutions like the NHS hampered by a vast estate of legacy infrastructure and limited skilled cybersecurity resources, these environments are particularly vulnerable to exploitation by bad actors, many of whom are in fact nation states.

In short, the parliamentary report shines a bright light on what is already a well-known challenge. The UK’s national security depends on the government implementing more stringent plans and controls, and dedicating more resources towards securing all parts of the CNI, including its own departments. With the average cost of a government data breach surging by over half a million dollars in 2023 and the rise of ransomware-as-a-service models, the public sector must take immediate action to address the threat.

The nation-state threat

As the country heads into an election year, government organisations need to be vigilant about the heightened cyber risks they face.

As the NCSC highlighted in its 2023 Annual Review, while the most significant threat in terms of volume may come from online criminality perpetrated by individuals, nation-state attacks present the most advanced and persistent threats to government organisations. These attacks go far beyond the typical financially motivated cyber threats posed by regular hackers: their aim is to disrupt, or to gain access to nation-critical information, as a means of undermining the institutions of the target country and, ultimately, the country itself.

Just this summer, the Electoral Commission made headlines when it discovered a 15-month-old breach in its systems. In a sophisticated attack that appeared to have been designed to evade the Commission’s security controls, “hostile actors” had “loitered” undetected for well over a year inside the organisation’s networks, eventually stealing information from the electoral records. So, as the UK turns its focus towards electing its next government in 2024, the security posture of all government institutions must be a significant priority.

Building a better posture with Zero Trust

Improving governmental cyber resilience is not a simple task. Government security leaders must contend with siloed systems, ranging from complex legacy platforms to new hybrid digital environments. While digital transformation is essential to driving cost efficiencies and improving quality of service, if security isn’t baked into projects from the start, it can unintentionally widen the public sector’s cyberattack surface. To properly protect their environments from attackers, security leaders need real-time insight across the whole network.

Strengthening security posture rests on the successful implementation of two main approaches. The first is building robust defences both at the perimeter and within organisational networks, to make it harder for hackers to move laterally once inside.

Plenty of solutions offer strong external defences, from firewalls to email security software, but putting internal obstacles in the way of hackers requires organisations to reduce the level of inherent trust granted to employees. Credential theft, in which usernames and passwords are stolen directly through phishing or bought on the dark web, is an easy and common foothold for threat actors. Unpatched home-working endpoints, common in hybrid organisations, provide another useful access point to government networks. Government security leaders can mitigate these risks by rolling out multi-factor authentication (MFA) as part of a Zero Trust approach, ensuring that users are trusted only after verification. But it doesn’t end with access.

For Zero Trust to work properly, organisations must also segment and continually monitor their networks to detect lateral movement and resolve breaches. Deep observability, the addition of real-time network-level intelligence to amplify the power of metric, event, log and trace-based monitoring and observability tools, is critical here. Only with a clear and complete view across all data in motion can IT teams understand who and what is on the network, and authorise only those that are safe to access it.

Achieving total visibility

The second aspect of any successful security strategy should be to empower security teams with comprehensive threat detection capabilities, such that even when the first line of defence fails, an organisation can identify and remediate breaches as soon as possible. Network visibility is the foundation of this threat detection and response effort.

To do this, government security teams must overcome the blind spots in their network monitoring. East-west traffic (data packets flowing between servers or applications in a data centre) is often seen as a lower priority for security scanning than traffic at the perimeter of a network, but understanding the threats flowing within a network is vital. Endpoint detection and response (EDR) tools offer limited threat detection capabilities, and security teams should instead look towards intelligent network-layer analysis. This enables the identification and interception of malicious activity across all assets, while reducing the false positives that burden already-understaffed SOC teams.
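The kind of east-west analysis described above can be illustrated with a small detector run over flow records. The following is an added example, not code from the article or from Gigamon: it assumes a simplified flow record (source, destination, destination port), assumes the internal address ranges and the set of administrative ports used, and flags any internal host that reaches an unusually large number of distinct internal peers on those ports, a common indicator of lateral movement. The sample flows are constructed for the example, not captured traffic.

```python
"""Added example: flag east-west "fan-out" on administrative ports as a lateral-movement
indicator. Flow format, address ranges, port list and threshold are all assumptions."""
from __future__ import annotations

from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Iterable, NamedTuple

# Address ranges treated as "inside the network" (assumption for this example).
INTERNAL_RANGES = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Ports commonly used for remote administration and file access inside a network.
# One host fanning out to many peers on these ports is worth an analyst's attention.
ADMIN_PORTS = {22, 135, 445, 3389, 5985, 5986}


class Flow(NamedTuple):
    """A minimal flow record: source address, destination address, destination port."""
    src: str
    dst: str
    dport: int


def is_internal(addr: str) -> bool:
    """True if the address falls in one of the assumed internal ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_RANGES)


def east_west_flows(flows: Iterable[Flow]) -> list[Flow]:
    """Keep only flows where both endpoints are internal, i.e. east-west traffic.
    North-south flows (one end on the internet) are excluded from this check."""
    return [f for f in flows if is_internal(f.src) and is_internal(f.dst)]


def fanout_alerts(flows: Iterable[Flow], threshold: int = 5) -> dict[str, int]:
    """For each internal source, count the distinct internal destinations it reached on
    admin ports. Sources at or above `threshold` are returned with their peer count.
    Repeated flows to the same server do not inflate the count, so a workstation that
    hammers one file share all day is not flagged."""
    peers: dict[str, set[str]] = defaultdict(set)
    for f in east_west_flows(flows):
        if f.dport in ADMIN_PORTS:
            peers[f.src].add(f.dst)
    return {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS: list[Flow] = [
    # Normal workstation: heavy but repetitive use of one file server, an internal web
    # app, and ordinary internet browsing (the last is north-south and is ignored).
    *[Flow("10.1.1.5", "10.2.0.10", 445) for _ in range(20)],
    Flow("10.1.1.5", "10.2.0.40", 443),
    Flow("10.1.1.5", "8.8.8.8", 443),
    # Suspicious host: touches twelve servers on SMB and four of them on RDP.
    *[Flow("10.1.1.77", f"10.2.0.{n}", 445) for n in range(10, 22)],
    *[Flow("10.1.1.77", f"10.2.0.{n}", 3389) for n in range(10, 14)],
    # Jump host legitimately reaching three servers on SSH, below the threshold.
    *[Flow("10.1.1.9", f"10.2.0.{n}", 22) for n in range(30, 33)],
]

if __name__ == "__main__":
    for host, count in fanout_alerts(SAMPLE_FLOWS).items():
        print(f"ALERT {host}: reached {count} distinct internal hosts on admin ports")
```

Run as a script it reports only `10.1.1.77`. The point of counting distinct peers rather than raw flow volume is that it separates the noisy-but-benign workstation from the host sweeping a server range; in practice the threshold would be tuned per segment and the known jump hosts allow-listed, which is exactly the context a network-layer view gives an analyst that a per-endpoint tool does not.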

The other common blind spot is encrypted traffic. Attackers increasingly use SSL/TLS encryption to keep malicious activity hidden amongst the vast amounts of encrypted traffic in organisations’ networks. Perfect for maintaining the confidentiality of internal traffic, encryption is now used to evade detection in more than 90 percent of malware attacks, and yet fewer than a third of IT and security leaders have visibility into encrypted traffic. To properly understand the threats they face, security leaders need efficient and effective tools that not only provide network-layer intelligence, but also give visibility into encrypted traffic with minimal latency and minimal impact on end-user security and privacy.

It can seem like an overwhelming task, but with a few simple steps government organisations have a great opportunity to improve their defences and detect security events before they become incidents. Warnings such as this month’s report must not go unheeded, and the new year brings a welcome and perhaps overdue opportunity for security leaders to reflect on their security commitments and play their part in building a more robust and cyber-resilient public sector.