Organizations in the United Kingdom’s public sector face several challenges in terms of their digital security. Today, these companies must meet an increasing number of regulatory compliance obligations. GDPR likely sits near the top of UK public sector organizations’ list of responsibilities given the penalties they could incur should they fail to adequately protect EU citizens’ personal data. They must also fulfill the growing number of requirements specified under the United Kingdom’s minimum cyber security standard.
Of course, these entities don’t have unlimited budget and resources to fulfill these duties. For instance, a 2018 report published by the Joint Committee on the National Cyber Security Strategy found that the public sector in the United Kingdom lacks sufficient cyber security skills to uphold the country’s vibrant digital economy. This skills gap makes it difficult for UK public sector organizations to meet some of today’s most pressing technology challenges.
An even bigger consequence of the United Kingdom’s skills gap is that many public entities aren’t prepared for a data breach. The Advanced Annual Trends Survey 2017-18 found that almost one in four (23%) of public sector organizations are unprepared for a cyber-attack. Unfortunately, real data security incidents have already proven the validity of this finding. Chief among them was the 2017 WannaCry outbreak, a global ransomware attack which affected more than a third (34%) of National Health Service (NHS) trusts in England.
Months after the attack, the National Audit Office discovered that many NHS organizations had failed to properly safeguard their systems against a cyberattack.
The challenges discussed above have prohibited many UK public sector organizations from taking a proactive approach to their cyber security. But as it turns out, companies need this exact type of approach if they are to adequately defend themselves against attacks and data breaches. So how can UK public entities turn things around?
Fortunately, the key to proactive cyber risk management isn’t something complicated. It’s actually rooted in organizations emphasizing security best practices. By implementing the basics alone, companies can drastically improve their security posture. For instance, the IT Process Institute found that critical security controls can help detect 91% of security breaches.
Notwithstanding the effectiveness of these measures, many companies still don’t use security controls. Tripwire observed in its State of Cyber Hygiene report that two-thirds of organizations don’t use hardening benchmarks like the Center for Internet Security’s Critical Security Controls. Tripwire subsequently discovered that the absence of these measures had an effect on organizations’ digital security posture. For example, approximately half of companies (40%) aren’t scanning for vulnerabilities weekly or on a more frequent basis. More than that (54%) aren’t collecting logs from critical systems into a central location, while 31% don’t even require default passwords to be changed.
It doesn’t need to be this way, however. Organizations in the United Kingdom’s public sector can turn things around and build a solid foundation for themselves using critical security controls. They just need to learn how to implement these security measures effectively.
You can learn more by joining us at Public Sector Enterprise ICT (PSEICT), The United Kingdom’s most prestigious public sector ICT conference and exhibition. On 14 November 2018 at the Victoria Park Plaza, Tripwire Senior Director of Technical Services Paul Edon and Tripwire Senior Systems Engineer Paul “PJ” Norris will present “Taking a Strategic Approach to Cyber Security in the Public Sector.” Their talk will reveal how attendees can best implement critical security controls. Together, Edon and Norris will also share lessons learned from real data breach stories and how attendees can apply these best practices to defend themselves against emerging threats.
For more information about this presentation and other exciting speaking sessions at this year’s conference, click here.