By Tim Freestone, chief strategy and marketing officer, Kiteworks
The sheer number of cyber-attacks in recent years puts the inadequacy of current systems into sharp focus. Alas, many public sector organisations are still using decades old legacy, homegrown technologies to manage the storing, transfer, and sharing of data. Although this approach has historically been adequate, it can no longer keep up with the growing cyber threat landscape. This is why the UK Government has initiated a new cyber security strategy that focuses first on establishing resilience within the public sector.
Government organisations must take responsibility for securing their daily operations, communications, and data activity. In government, data is consistently being moved, shared, and collected, both internally between departments and externally with third parties. Keeping this data safe throughout its communication lifecycle is essential to the reliable functioning of national services and the protection of people’s privacy. Whether it is patients’ personal health information or mission-critical data, any breach can cause serious disruption.
The need for cyber resilience
As of 2023, the UK was the third most targeted country in the world for cyber-attacks. Because of this, cyber resilience is a necessary cornerstone of the UK’s strategy for national resilience. The Government Cyber Security Strategy for 2022-2030 recognises that the cyber security landscape is evolving, and that its approach to resilience must evolve with it. The government has been tasked to lead by example for the nation’s private sector. It is, therefore, imperative that central government departments set the standard for robust, trustworthy, and compliant data and communication security.
Cyber threats across the public sector are on the rise. Between 2020 and 2021, 40% of cyber incidents managed by the National Cyber Security Centre targeted the public sector. Ransomware attacks on the NHS saw patient data fall into the hands of malicious actors, and several local councils were locked out of their systems due to ransomware attacks. These incidents not only result in significant costs, but the increased vulnerability of critical national infrastructure, government organisations, and other public sector services also puts sensitive and mission-critical data at risk.
Unfortunately, as technology develops, malicious actors are leveraging new and more sophisticated techniques to circumvent data security. The problem is that many government departments continue to rely on homegrown solutions and legacy systems that are no longer fit for purpose. The IT solutions being used for secure content communication, such as email systems, data transfer and file sharing, have reached the end of their lifecycle. Not only can they not develop as this new strategy needs them to do, but they are introducing an increasing number of risks and exploitable vulnerabilities.
Unique challenges
As the backbone to countless public services, central government organisations have some unique challenges to consider when it comes to secure data communication and the solutions they need to achieve it.
Firstly, is the risk brought on by interagency communication. Central government organisations have a long supply Sensitive PII data chain, both internally and externally. This introduces many more potential areas of risk, such as emails falling into the wrong hands or files being accessed by malicious parties when being shared. In addition, these communications are often happening across different channels, creating silos which further add to the risk of a breach.
Secondly, is the need for service assurance. Mission-critical services, such as emergency weather responses or national security, rely on high-volumes of data to function properly. It is essential that this data is not disrupted when being collected, transferred, or processed.
Then there is the sensitivity of the data itself. People-facing services, such as healthcare, handle vast amounts of sensitive data. This must be stored in compliance with regulations like GDPR. Unfortunately, it remains a prime target for attack and so must be strongly protected to deter attacks and prevent accidental leaks
More needs to be done
Plenty of progress has been made to improve the UK’s position to meet these challenges. However, there is a lot more to do. Government organisations need to look at two pillars. Firstly, to build a united defence and secondly, to build resilience and be empowered to manage their own cyber risks. This will lead to them reducing vulnerabilities and risks while improving visibility over activity, strengthening the security surrounding content communication, and building processes that align with regulatory compliance requirements. In doing so, organisations must consider solutions that can scale as threats evolve and that can be integrated across organisations – or that are highly interoperable and compatible.
A turning point
Government organisations have reached a turning point. They must take the leap to re-evaluate and reinvent their secure data communication solutions before the capability gap between them and potential adversaries grows too stark.
Thankfully, help is at hand. There are secure file and email data communications platforms on the market that are built to enable central government organisations to meet modern data security requirements. Such a Private Content Network empowers agencies to share sensitive content internally and with third parties by email, file sharing, file transfer, and other channels at the highest levels of security, governance, and compliance.
Recent Comments