Four critical cyber security issues facing local government
Paul Lipman suggests that local government organisations should look to the cloud to address growing security challenges.
Cyber-security is arguably the number one strategic IT priority in 2015 for UK local authorities. Cabinet Office minister Francis Maude’s announcement of the National Cyber Security Programme, which highlighted the criticality of cyber-threats and the Government’s imperative to address them, illustrates how pressing this problem has become.
The data housed by Government agencies is an attractive target for financially motivated cyber-criminals. Passport numbers, credit card details, driving licence numbers and tax records are just some of the sensitive data that attackers can monetise and that, once compromised, create havoc for the individuals concerned. In addition, agencies have to worry about attacks by politically motivated ’hacktivists’ and the potential for highly sophisticated state-sponsored attacks.
Unfortunately, local authorities’ IT organisations face four critical problems in keeping their networks and data secure against cyber-threats.
1. Complexity and intensity
The number of threats released every day is growing rapidly. For example, in the iSheriff lab we have seen more than a quarter of a million distinct ransomware variants, and as many as 60,000 new variants in a single day. Ransomware is an example of a large-scale cyber-threat that acts like a trawling net to snare a large number of victims. These threats have become increasingly complex, conducted over multiple vectors in combination. Although somewhat ’vanilla’ on the spectrum of cyber-attack complexity, the results can be devastating: because many organisations do not back up off-network, to storage that an infected machine cannot reach and overwrite, a ransomware attack can result in catastrophic loss of data.
At the other end of the cyber-threat spectrum are targeted attacks aimed at a specific organisation or individual. Unlike typical malware-based infections, targeted attacks are very challenging to block with traditional security products. A persistent adversary, such as a hacktivist, professional cyber-criminal or state-sponsored actor, will utilise techniques that ’fly under the radar’ in order to achieve their objectives.
In today’s fast evolving cyber-threat landscape, traditional security approaches are no longer sufficient. IT teams don’t have the time or resources to address each threat vector in isolation, nor should they have to. Integration, automation and flexibility are today’s security imperatives that will maximise resources, team efficiency and effectiveness without impacting the IT budget.
The answer lies in the cloud and big data. By capturing, correlating, analysing and extracting real-time threat intelligence data from multiple organisations, across web, email and endpoint threat vectors, we can get an unparalleled insight into new threats as they emerge in the wild, identifying trends, attacks, and anomalies – and blocking them before they can do any damage.
2. The Funding Gap
The typical local authority spends less than 5% of its IT budget on cyber-security, compared to over 10% in a commercial enterprise. But they face precisely the same security challenges as the likes of JP Morgan Chase, Target, Home Depot and Sony that have all been hacked successfully. It becomes abundantly clear that local authorities’ cyber-security efforts are woefully underfunded.
Unfortunately, local authorities have also been let down by the security industry. Security has become too complex – requiring multiple products from multiple vendors that not only don’t integrate, but also require very expensive installation and complex management. The typical agency simply doesn’t have the budget to cope.
In addition, local authorities are faced with a security staffing and know-how problem. Given the rapid growth in cyber-threats, there is a substantial premium placed on cyber-security skills within the commercial sector. This makes it increasingly challenging for public sector organisations to compete for talent.
Agencies that do not have dedicated security personnel need a solution that is simple to set up, run and monitor. Cloud-based security helps here by offering a flexible, comprehensive service that does not require upfront investment in hardware, software or professional installation. A multilayered cloud-based security service addresses critical security needs with a single solution from a single vendor. And because it is cloud based, protection is constantly updated to cover ever-mutating malware and vulnerabilities, is globally available, and covers every entry point and platform, including web sites, email, laptops, tablets and smartphones.
3. Visibility and control
One of the unfortunate by-products of the proliferation of security point products within the IT environment is an avalanche of security events and alerts, leading to information overload. In fact, a whole category of products and services has evolved to try to bring order out of this chaos, known as Security Information and Event Management, or SIEM for short. Managing security through alerts alone, however, has been likened to driving down a busy road at night while looking through a frosted rear-view mirror: it is not only misleading, but likely to end in disaster.
Cloud-based security services, by contrast, enable a move from an alert-centric to an intelligence-centric approach to security, vastly enhancing the CISO’s visibility. By extracting true intelligence from the inter-relationships and correlation of activity across the internal network, endpoint devices, cloud-based applications and the internet at large, we gain an unprecedented vantage point across a global footprint of enterprises, end users and infrastructure. This is simply not possible with today’s organisationally siloed, event-driven approaches.
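Sections 1 and 3 both argue for correlating web, email and endpoint telemetry into intelligence about a host rather than raising one alert per matching event. The following Python script is an added illustration of that difference; it is not iSheriff’s product or code from the original article, and every host name, hash, domain and threat-intelligence entry in it is constructed sample data.

```python
"""Alert-centric vs correlated, intelligence-centric handling of multi-vector telemetry.

Added illustration. All hosts, hashes, domains and intelligence below are
constructed sample data, not telemetry from any real environment.
"""
from collections import defaultdict

BAD_HASH = "a1" * 32      # attachment hash already known malicious in threat intel
QUIET_HASH = "b7" * 32    # attachment hash with no intel hit at all (a targeted lure)
UNKNOWN_HASH = "c3" * 32  # an unrelated, unknown binary

# Constructed sample events, one dict per event, already normalised to a host name.
EMAIL_EVENTS = [
    {"host": "ws-0042", "sha256": BAD_HASH, "sender": "invoice@example.test"},
    {"host": "ws-0107", "sha256": QUIET_HASH, "sender": "payroll@example.test"},
]
ENDPOINT_EVENTS = [
    {"host": "ws-0042", "sha256": BAD_HASH, "parent": "outlook.exe"},
    {"host": "ws-0077", "sha256": UNKNOWN_HASH, "parent": "explorer.exe"},
    {"host": "ws-0107", "sha256": QUIET_HASH, "parent": "outlook.exe"},
]
WEB_EVENTS = [
    {"host": "ws-0042", "domain": "cdn-update.example.test", "bytes_out": 48213},
    {"host": "ws-0107", "domain": "intranet.example.test", "bytes_out": 612},
    {"host": "ws-0077", "domain": "cdn-update.example.test", "bytes_out": 1200},
]

# Constructed threat intelligence: indicators reported malicious elsewhere.
INTEL_HASHES = {BAD_HASH}
INTEL_DOMAINS = {"cdn-update.example.test"}


def alert_centric(email, endpoint, web, bad_hashes, bad_domains):
    """Point-product behaviour: one alert per event that matches an indicator.

    Nothing here links events together, and an event with no intel hit
    (the QUIET_HASH lure on ws-0107) never surfaces at all.
    """
    alerts = []
    for e in email:
        if e["sha256"] in bad_hashes:
            alerts.append(("email", e["host"], e["sha256"]))
    for e in endpoint:
        if e["sha256"] in bad_hashes:
            alerts.append(("endpoint", e["host"], e["sha256"]))
    for e in web:
        if e["domain"] in bad_domains:
            alerts.append(("web", e["host"], e["domain"]))
    return alerts


def correlate(email, endpoint, web, bad_hashes, bad_domains):
    """Group evidence per host across vectors and return incidents, most vectors first.

    Two kinds of evidence are collected:
      * an indicator match against threat intelligence (web, email or endpoint), and
      * a delivery-to-execution chain: a hash that arrived by email and was later
        executed on the same host, which is suspicious even with no intel hit.
    """
    evidence = defaultdict(lambda: defaultdict(list))  # host -> vector -> notes
    delivered = defaultdict(set)                       # host -> hashes seen in email

    for e in email:
        delivered[e["host"]].add(e["sha256"])
        if e["sha256"] in bad_hashes:
            evidence[e["host"]]["email"].append(f"known-bad attachment {e['sha256'][:8]}")

    for e in endpoint:
        host, h = e["host"], e["sha256"]
        if h in bad_hashes:
            evidence[host]["endpoint"].append(f"known-bad process {h[:8]}")
        if h in delivered[host]:
            evidence[host]["email"].append(f"delivered {h[:8]} that later ran")
            evidence[host]["endpoint"].append(
                f"executed emailed attachment {h[:8]} under {e['parent']}")

    for e in web:
        if e["domain"] in bad_domains:
            evidence[e["host"]]["web"].append(
                f"contacted known-bad {e['domain']} ({e['bytes_out']} bytes out)")

    incidents = [
        {"host": host, "vectors": sorted(vectors), "evidence": dict(vectors)}
        for host, vectors in evidence.items()
    ]
    incidents.sort(key=lambda inc: -len(inc["vectors"]))
    return incidents


def multi_vector(incidents):
    """Hosts with corroborating evidence from two or more vectors: investigate these first."""
    return [inc["host"] for inc in incidents if len(inc["vectors"]) >= 2]


if __name__ == "__main__":
    alerts = alert_centric(EMAIL_EVENTS, ENDPOINT_EVENTS, WEB_EVENTS, INTEL_HASHES, INTEL_DOMAINS)
    incidents = correlate(EMAIL_EVENTS, ENDPOINT_EVENTS, WEB_EVENTS, INTEL_HASHES, INTEL_DOMAINS)
    print(f"{len(alerts)} raw alerts -> {len(incidents)} hosts with evidence; "
          f"investigate first: {multi_vector(incidents)}")
    for inc in incidents:
        print(inc["host"], inc["vectors"], inc["evidence"])
```

On this sample the alert-centric view raises four separate alerts, three of them for the same host, and says nothing about ws-0107, whose lure has no threat-intelligence hit. The correlated view collapses the four alerts into one three-vector incident on ws-0042, surfaces ws-0107 purely from the email-to-execution chain, and leaves the lone web hit on ws-0077 as a lower-priority item, which is the difference between alerts and intelligence the section describes.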
4. The need to comply
UK organisations are faced with a range of regulations and industry standards designed to enforce better levels of protection for data and greater transparency when breaches occur. These include the forthcoming EU General Data Protection Regulation (GDPR) and, for any organisation that handles card payments, the PCI DSS standard. For small IT organisations with limited security expertise, demonstrating compliance with these requirements can be an onerous additional overhead on top of their already substantial core responsibilities.
A centralised cloud-based approach enables security policies to be defined in line with major regulatory requirements through an intuitive drag-and-drop interface. Policies can be immediately and consistently enforced across the entire network and user base, and monitored for policy or procedure breaches. All web and email activity can be further monitored for compliance, enabling policy to be refined over time. And with data leak protection it is possible to ensure that confidential and sensitive data does not leave the network, whether deliberately or inadvertently.
It is clear that the cloud is here to stay and in a maturing market, it may offer a way forward for hard-stretched government security departments, facing increasing threats along with cuts in budgets and resources.
Paul Lipman is chief executive at iSheriff