In the wake of last year’s WannaCry ransomware attack and a range of high-profile threats since then, PublicTechnology and Trend Micro invited a panel of experts to discuss how the public sector can build resilience and protect itself. Geoffrey Lyons reports.
Imagine you’ve waited nearly a year for open heart surgery. Today’s the day: you’ve arrived at the hospital, checked in, conversed nervously with staff. It’s a matter of minutes before you’re due to be put under, when a nurse says the hospital has been hacked. The operation is postponed indefinitely.
That was the unfortunate experience of Patrick Ward, a 47-year-old Dorset local who was directly affected by last year’s WannaCry ransomware attack. The attack, which in December was attributed to North Korea, infected thousands of NHS computers and over 200,000 machines worldwide with a ransom note informing users that their files have been encrypted and they need to pay in Bitcoin to get them back.
While the infection was purged in just a few days, it sparked an ongoing conversation on the threat of cyberattacks to vulnerable institutions like the NHS.
“Organisations like the NHS get attacked so much because they’re not there for data security,” says Mike Hulett (pictured below, second from the right), head of operations at the National Cyber Crime Unit, a command of the National Crime Agency. “There’s also 1.1 million NHS emails, so it’s a big attack area.”
Hulett’s remarks were made at a panel discussion, hosted by PublicTechnology and cybersecurity company Trend Micro, on cyberthreats and how the public sector can better manage them. While some organisations have the resources to rebound from an attack – Equifax, the consumer credit agency that was breached last year, earns £2.55bn in annual revenue – it’s not yet clear how damaging a cyberattack could be to public sector organisations already struggling to meet citizens’ demands.
And it’s not just a lack of resources that make public sector organisations vulnerable.
Siobhan Coughlan (pictured right, second from the left), cyber security lead at the Local Government Association, emphasises the role played by technology’s ever-expanding reach.
“Cybersecurity is the flip side of what we’ve been doing for years by encouraging councils to go digital,” she says. “If you’re an environmental officer with a tablet, then that’s great that you have the tools to do your job. But the more digital tools you have, the more you’re at risk, whether from a hacktivist or just human error.”
While it’s the hacktivists that are grabbing the headlines, the threat of human error often goes perilously unnoticed. Daniel Helps, head of fraud operations for the Counter Fraud & Investigation Directorate hosted at Thurrock Council, says many people are fundamentally unaware of the risks they take.
“I was in John Lewis recently and what did I see? A book to write your passwords in,” he says. “Can you imagine if you lost that book?”
Raising awareness
Trend Micro’s principal security strategist, Bharat Mistry (pictured below left), says the danger of human error can usually be combatted with basic awareness training.
“A lot of enterprises have programmes but no follow-up,” he says. “When you look into some of the attacks we’re seeing, if you don’t have a careful eye then you’ll click on the links.”
And Mistry has worked with a lot of organisations where staff have clicked the on dubious links without understanding the consequences.
One, he recalls, has a radical approach to dealing with the problem. After the first instance, you go to awareness training. Following the second occurrence, you speak to your manager.
“And the third time you do it, no email for months,” says Mistry. “If you can keep your user training and user awareness up to date, a lot of your training is done for you.”
The importance of awareness training is especially evident in light of the ubiquity of technology.
“There’s always a cyber element [to a crime],” says Helps of Thurrock Council. “Everyone has access to the internet nowadays.”
“Cyber is the most likely crime to happen,” adds NCA’s Hulett. “Broadly speaking, 50% of all recorded crime in the UK has a cyber element.”
Hulett adds that people tend to underestimate potential threats from the inside. “If your company employs 1,000 people and you say that 90% of those people aren’t a threat, that still leaves 100 people you should be concerned with,” he says. “One of the hardest things for us to track are things like the unauthorised use of a credential.”
The good news is that central government is paying attention. Panelists agree that that the 2016 National Cyber Security Strategy and the creation of the National Cyber Security Centre were significant steps in the right direction.
Asked whether central government fully understands the importance of cybersecurity, Trend Micro’s Mistry says “absolutely”.
“More and more people [in central government] are recognising that if you see a pattern you need to share it, first at a peer-to-peer level and then get it out to the wider public.”
“It’s good that there’s a focal point [with the NCSC],” adds LGA’s Coughlan. “It’s good having that resource, having people who are public facing, and having people who are working with us.”
Coughlan, whose organisation represents all 353 English councils, says central government has developed free tools like Web Check, a vulnerability scanning service, that her association frequently uses.
“It’s a great resource to have,” she says.
Changing the mindset
In their closing remarks, the panellists were asked to offer one thing that organisations can do to better protect themselves from a cyberthreat.
“Get local authorities in the mindset that there’s not a one-size-fits all solution,” says Thurrock’s Helps. “It’s changing the mindset that you can’t just buy an off-the-shelf product and say you’re now protected.”
“Cybersecurity is the flip side of what we’ve been doing for years by encouraging councils to go digital… the more digital tools you have, the more you’re at risk.”
Siobhan Coughlan, Local Government Association
Coughlan says that apart from getting everyone to take cybersecurity seriously and build awareness, suppliers need to think more about building cybersecurity into their products.
“At the risk of me trashing an entire community, I think the phrase I’d use is ‘cyber resilience,’” says NCA’s Hulett. “However big you are, it’s going to happen to you at some point. Let’s concentrate on minimising the impact as much as possible.”
“In my view, it’s about making security a part of everyone’s role and having a security champion in all departments,” says Trend Micro’s Mistry. “You need to build security across the organisation, have a champion in each department, and raise awareness.”
Mexican Easy Pharm: Mexican Easy Pharm – Mexican Easy Pharm
best online pharmacies in mexico https://mexicaneasypharm.com/# mexican online pharmacies prescription drugs
medication from mexico pharmacy
mexico drug stores pharmacies https://mexicaneasypharm.shop/# buying prescription drugs in mexico online
medication from mexico pharmacy
buying prescription drugs in mexico https://mexicaneasypharm.com/# buying prescription drugs in mexico
buying prescription drugs in mexico
medication from mexico pharmacy https://mexicaneasypharm.shop/# best online pharmacies in mexico
mexico drug stores pharmacies
https://predpharm.shop/# purchase prednisone no prescription
buy prednisone with paypal canada
https://predpharm.shop/# prednisone buy online nz
20 mg of prednisone
https://cytpharm.shop/# Cyt Pharm
5mg prednisone
http://dappharm.com/# Priligy tablets
purchase prednisone from india
https://semapharm24.shop/# semaglutide tablets price
buy prednisone mexico
https://predpharm.shop/# Pred Pharm
prednisone 10mg tabs
https://kamapharm.shop/# buy kamagra online usa
prednisone for dogs
http://kamapharm.com/# Kama Pharm
can you buy prednisone in canada
https://dappharm.shop/# buy dapoxetine online
prednisone 10mg tabs
https://dappharm.shop/# Priligy tablets
prednisone 20
https://predpharm.com/# PredPharm
canine prednisone 5mg no prescription
https://predpharm.com/# drug prices prednisone
prednisone daily use
https://semapharm24.com/# SemaPharm24
where to buy prednisone in australia
http://semapharm24.com/# Sema Pharm 24
how much is prednisone 10mg
https://cytpharm.shop/# buy cytotec online
prednisone 80 mg daily
http://farmatadalitaly.com/# farmacia online senza ricetta
top farmacia online
https://farmabrufen.com/# Farma Brufen
farmacie online affidabili
http://farmasilditaly.com/# viagra ordine telefonico
acquistare farmaci senza ricetta
http://farmabrufen.com/# Brufen senza ricetta
farmacie online sicure
http://farmabrufen.com/# FarmaBrufen
Farmacie on line spedizione gratuita
taya365 taya365 Many casinos provide shuttle services for guests.
https://phtaya.tech/# Slot machines attract players with big jackpots.
Slot machines feature various exciting themes.
Casino visits are a popular tourist attraction. http://phmacao.life/# Slot machines attract players with big jackpots.
jugabet chile jugabet chile Las apuestas deportivas tambiГ©n son populares.
Promotions are advertised through social media channels. https://taya365.art/# Live music events often accompany gaming nights.
Live dealer games enhance the casino experience. http://phtaya.tech/# Many casinos host charity events and fundraisers.
taya777 register login taya777.icu Some casinos have luxurious spa facilities.
Live music events often accompany gaming nights. https://taya365.art/# The poker community is very active here.
Promotions are advertised through social media channels. http://phmacao.life/# Many casinos have beautiful ocean views.
taya365 taya365 Most casinos offer convenient transportation options.
Some casinos have luxurious spa facilities. http://taya365.art/# A variety of gaming options cater to everyone.
Cashless gaming options are becoming popular. https://taya365.art/# Players enjoy both fun and excitement in casinos.
taya365 login taya365.art Security measures ensure a safe environment.
The gaming floors are always bustling with excitement. https://jugabet.xyz/# Las mГЎquinas tragamonedas tienen temГЎticas diversas.
jugabet chile jugabet casino Los jugadores deben jugar con responsabilidad.
The casino experience is memorable and unique. https://jugabet.xyz/# La pasiГіn por el juego une a personas.
Slot machines attract players with big jackpots. https://taya777.icu/# Slot machines feature various exciting themes.
taya365 login taya365 com login Casino visits are a popular tourist attraction.
http://taya365.art/# Many casinos offer luxurious amenities and services.
Online gaming is also growing in popularity.
https://phmacao.life/# Resorts provide both gaming and relaxation options.
Many casinos provide shuttle services for guests.
taya777 login taya777 Some casinos feature themed gaming areas.
http://taya777.icu/# Slot tournaments create friendly competitions among players.
Gambling can be a social activity here.
https://phmacao.life/# The casino industry supports local economies significantly.
The Philippines has a vibrant nightlife scene.
Manila is home to many large casinos. https://phmacao.life/# Some casinos have luxurious spa facilities.
taya777 register login taya777 app Casino promotions draw in new players frequently.
Las aplicaciones mГіviles permiten jugar en cualquier lugar.: jugabet – jugabet casino
http://winchile.pro/# Las apuestas deportivas tambiГ©n son populares.
Poker rooms host exciting tournaments regularly.
https://taya777.icu/# Gaming regulations are overseen by PAGCOR.
Entertainment shows are common in casinos.
Live dealer games enhance the casino experience.: taya365 com login – taya365
jugabet jugabet chile Las apuestas deportivas tambiГ©n son populares.
The casino scene is constantly evolving. http://phmacao.life/# Gaming regulations are overseen by PAGCOR.