Social media, BYOD, and 'clicking the link' - public sector IT chiefs name their biggest security headaches

Written by Sam Trendall on 10 July 2017 in Features

Government IT professionals discuss how to ensure they remain protected

Regular and personalised education sessions for staff are important, public sector IT professionals said

“Joiners, movers, and leavers.”

“Social media.”

“Third-party applications accessing the network.”

“Bring your own device.”

“Clicking the link.”

These were the first answers offered by a roomful of public-sector technology professionals when asked to name the foremost security challenges they currently face. Terms such as “ransomware”, “DDoS”, and “zero-day vulnerability” are conspicuous by their absence.

But one theme does clearly emerge: human error.

Time and again, stories were told of how the biggest threat to a typical government organisation was not nation-state attacks or global gangs of cybercriminals. It was employees carelessly putting a photo on Facebook, using their tablet to access sensitive information, or being taken in by an eye-catching email.

While the number and variety of computing devices continue to diversify and proliferate, and the threat landscape grows more sophisticated and sinister, an organisation’s people are invariably its biggest attack surface. Nowhere is this truer than in the UK public sector, which employs upwards of 5.4 million people – more than one in six of the country’s overall workforce.

Which is a pretty big target to aim at.

Graham Wakerley, founder of security consultancy Missing the Linq, chaired the discussion, which took place at the recent Cyber Security Summit, hosted by PublicTechnology parent company Dods.

“When I talk to organisations about penetration testing I do not just want them to look at their technology – it is not a tech problem,” he said. “Tech is important, but it is about individuals. It is important that you do social engineering. You have to help each other, and you have to make [the security risks] real for staff.”

The public sector IT professionals in attendance opined that regular education sessions to remind staff of protocols and best practice are imperative for effective IT security.

Several noted that it is particularly important to ensure that senior management figures stay up to date, as they not only set the tone for the organisation but also (whisper it) can be among the worst offenders in terms of taking a lax approach to security.

Thomas Coles, chief executive of insurance software firm Risk Solved, said that an even bigger threat is on the way for government CIOs: millennials. Young people who have grown up in a culture that has normalised the sharing of every detail of your life, and happily swapping privacy for utility, will be a major headache for IT security professionals, he said.

“In 20 years’ time they will be in the C-suite. And they actively do not care [about sharing their data],” Coles said. “At the moment, senior management probably do care – but they are just a bit naïve.”

More targeted education exercises are necessary, attendees said. A senior technology leader at one London borough shared the story of how his organisation had developed a portal to offer employees personalised training based on their job function and responsibilities.

Wakerley concluded that “most threats happen within an organisation”. With the continued rise of mobile computing platforms and the Internet of Things, technology will continue to play a bigger and bigger role in all of our lives, he said, so it is crucial that the people using it do so with prudence and vigilance.

He said: “I have been a CIO, CTO, and IT director. I have been in the room being told that ‘information security is an IT issue’. Well, no – it isn’t. It is a people issue, and a policy issue.”

About the author

Sam Trendall is editor of PublicTechnology
