Across the UK, cyber security threats in the public sector are on the rise. This has been a continued trend throughout the COVID-19 pandemic; however, it also reflects a global trend that has been steadily increasing since the high-profile WannaCry ransomware attack in 2017. Although the NHS reportedly did not pay the ransom fee to WannaCry hackers, the disruption to services is estimated to have cost the NHS approximately £92 million.
It is true that awareness around cyber security has led the public sector to improve security since the WannaCry attack. Yet, there is clear mounting pressure to go even further – and this ambition goes hand in hand with digital transformation and widespread use of safe, secure and seamless platforms.In this blog, we evaluate why the public sector specifically is a hot target for hackers and how prioritising digital transformation can protect your platforms, processes, data and services overall.
An overview of cyber security statistics in public sector
- In 2019, prior to the onset of the pandemic, Freedom of Information (FOI) requests revealed more than 263 million attacks had been carried out on local councils’ systems during Q1 and Q2 of that year – this is estimated to be equivalent to 800 cyber-attacks per hour.
- In 2020, the National Security Cyber Centre (NCSC) launched the ‘Suspicious Email Reporting Service’ with the City of London Police, which resulted in 2.3 million emails reported by the public within the first four months. They also found more than 50,000 NHS IP addresses were ‘indicators for compromise’.
- According to the Cyber Security Breaches 2021 Survey, published by the Department for Digital, Culture, Media & Sport, four in ten businesses and one quarter of charities reported having cyber security breaches or attacks in the last 12 months. Of these affected organisations, a further quarter reported they experience breaches at least once a week.
Why is the public sector vulnerable?
Despite improvements made in recent years, there remains an overwhelming lack of knowledge and training about cyber security in the public sector. The latest figures published by the Office of National Statistics in March 2019 show that there are over 5 million people that work in the UK public sector. As a large sector responsible for vital lifeline services, it is exposed to the possibility of any single one of its workers causing mistakes, having inadequate training or falling victim to a phishing email. This reality is even more frightening given that any number of cases could lead to the sensitive information of up to 66 million UK citizens becoming accessible on the dark web.
With cyber-attacks becoming more sophisticated and difficult to spot, it has never been easier for criminal activity to occur. It’s essential that going forward, public sector organisations are aware of what they’re up against.
Minimising risk by starting with the basics is crucial and must continue to be addressed in a dedicated cyber security business strategy.
Password policies
Despite ongoing advice on how to strengthen passwords to protect systems and devices, many users remain indifferent to the importance of password protection. The National Cyber Security Centre suggests a host of tips to improve password protocols, including multi-factor authentication, password deny lists (which prevents the most common or easily guessed passwords) and regular monitoring of shared-access accounts.
Protecting devices
For office-based employees, organisations should encourage locking devices when employees leave desks, and reinforce regular cyber security training on device protection with employees who work remotely. This will be a continued area of focus, given that a recent YouGov survey showed one in five UK employees wish to work remotely full time after the pandemic.
Education, Prevention and Digital Capabilities
Many of the areas discussed in this blog can be summarised into these three points. By addressing basic cyber security protocols and providing consistent training to develop the knowledge and awareness of remote and office-based staff, the public sector can prevent costly attacks and service disruption. However, none of this can happen without the adoption of secure and seamless digital technology platforms. It is highly powered platforms, like Cloudya from NFON, that form the very foundation of your cyber security strategy.
Cloudya comes completely maintenance free, meaning your staff do not need to manually install updates to protect your data or services. Your systems will be fully secure with the most up to date version, giving you peace of mind when communicating with customers.
