Editorial

Cybercriminals hope to catch public sector off-guard

Organisations are leaving their security teams understaffed during critical times, shows research.

Posted 2 January 2025 by Christine Horton


As cyberattacks continue to plague organisations across industries, the public sector faces unique challenges in safeguarding critical infrastructure and sensitive data. In a recent discussion, Dan Lattimer, area VP at cybersecurity firm Semperis, shared insights on the evolving threat landscape and strategies for public sector entities to bolster their defences.

“For me, the key is that attackers are more likely to strike when defenders are least prepared,” said Lattimer. “Weekends, holidays – those are the times when cybercriminals will try to exploit vulnerabilities, knowing that response times may be slower.”

Recent Semperis research found that 72 percent of UK organisations reported experiencing ransomware incidents during holidays and weekends when security teams aren’t working at full capacity. Half of those organisations leave security teams understaffed during these critical times. That poses a significant risk for public sector organisations, which often operate critical services 24/7.

“Most public sector workers aren’t necessarily on-site around the clock, even if the systems they manage are,” said Lattimer. “That creates a challenging situation, because intrusions can happen at any time, and the attackers will try to time their strikes for when they’re least likely to be detected and stopped.”

Lattimer said that simply hoping an attack won’t happen is a recipe for disaster. “You have to operate under the assumption that your systems will be targeted, and have a plan in place to respond effectively.”

 This means regularly reviewing and updating incident response protocols, ensuring key personnel are empowered to make decisions, and testing the organisation’s ability to weather a cyberstorm.

“Too often, we see public sector entities with outdated plans that no longer reflect the reality of their operations,” Lattimer said. “”When an attack happens, they’re left scrambling, unsure of who has the authority to take action. That delay can be devastating.”

To combat this challenge, Lattimer recommends that public sector organisations consider partnering with managed security service providers (MSSPs).

“An MSSP can supplement your internal capabilities, providing 24/7 monitoring and response that you may not be able to maintain on your own,” he said. “But it’s critical to clearly define the rules of engagement upfront, so there’s no confusion about what’s covered and what’s not.

“Contracts need to be very clear about what the MSSP is responsible for and what the client needs to handle internally. Otherwise, you risk finding yourself in a difficult situation when an incident occurs.”

Beyond partnering with MSSPs, Lattimer emphasised the importance of ongoing employee training and awareness programmes.

“Cybersecurity isn’t just an IT issue – it’s a people issue. Your workforce needs to be educated on the latest threats and their role in keeping the organisation secure.”

As public sector entities continue to grapple with the evolving cybersecurity landscape, Lattimer’s insights offer a roadmap for building resilience. “It’s not enough to have a plan on paper,” he said. “You have to test it, refine it, and ensure everyone knows their part. That’s the only way to be truly prepared for the challenges ahead.”

Event Logo

If you are interested in this article, why not register to attend our Think Digital Identity and Cybersecurity for Government conference, where digital leaders tackle the most pressing issues facing government today.


Register Now