Why it is time to change our approach to cybersecurity
Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security, according to experts from Switchshop
It cannot be argued that COVID-19 has changed the way in which we live and work. There have been changes to how healthcare professionals administer care, the way in which students are taught and the way we communicate with our teams. IT professionals had to work quickly, as organisations were given a matter of days to prepare to deal with this paradigm shift and the heightened cyber-risk associated with this unprecedented global event. For cyber attackers, this has served as just another perfect opportunity to identify and exploit vulnerabilities. Whilst cybercrime is not increasing overall, it shifted its focus.
Sadly, the NCSC has reported that COVID-19 is the most frequently used subject of scams claiming to be from governmental bodies, more than any other subject in fact. Phishing scams such as these aim to exploit people’s fear surrounding the virus and their desire to follow guidance from the UK government and NHS. With the sudden increase in people working remotely, ransomware cases have increased by 20% in the first half of this year.
Over this year we have seen attacks on local authorities, with a single instance costing £10.4 million. As well as the threat to public sector, experts also advise that educational and research establishments are at risk of attack. This advice comes just before the attacks we have seen over the last two weeks involving UK Universities.
Fortinet states that with the public sector seeing 42% of organizations having suffered a ransomware incident in the last 12 months, it is imperative that organisations readdress their approach to cybersecurity.
Organisations need to understand that a single cybersecurity solution alone is not infallible
What can we do to mitigate such attacks?
Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security. Every component of your defence solution has limitations and vulnerabilities when acting in isolation, however, by applying multiple layers, you create a security posture that is close to impenetrable.
Michael Curry, Director at Switchshop states “we recognise that cybersecurity can’t just sit at the gateway, or on the client, but requires a truly holistic approach, covering all areas of an organisations infrastructure. Layering security components with best of breed technologies ensures that no matter where the attack comes from, you have a line of defence, visibility, and the ability to act. Ultimately, this gives you the best possible chance of repelling or limiting attacks on your network”
Defence in depth is based on the premise that there is no real possibility of achieving completely impenetrable security by implementing any collection of security solutions. Rather, components of a layered security strategy are virtual obstacles that hinder the progress of a threat, slowing and frustrating it until either it ceases to threaten or until actions can be taken to neutralise or mitigate the threat.
Throughout Cyber Security Awareness month, Switchshop will be hosting a series of webinars, to outline its approach to helping customers develop layered security solutions and defence in depth strategies. Our aim is to help the public sector to understand and combat the heightened cyber risk associated with COVID-19, whilst bearing in mind the financial and operational challenges the sector faces.
Join us during Cyber Security Awareness month to learn how the public sector can better defend, detect, mitigate, and recover from sophisticated cyber-attacks without increasing operational complexity.
Register here and get involved in everything cybersecurity including webinars, information sharing and giveaways!
Government attributes 2018 campaign to Moscow and claims more assaults were planned for cancelled 2020 summer games
BAE Systems appointed to three deals to provide additional personnel
Department’s annual report shows, for the first time in many years, documents or data lost from a secure government building had to be reported to the ICO. PublicTechnology finds out more...
PAC tells department it is ‘not convinced’ by expected benefits
2020 has been a year of unprecedented change for the UK public sector. Today’s agile working technology enables you to meet citizen needs in this challenging operating environment by empower your...
SAP Concur says it's time for the public sector to embrace more efficient invoice management technology
Accessibility requirements aren’t restrictions that need to be overcome - they’re guidelines to improve online experiences for everyone, says Jadu VP Richard Friend
Steve Blow, tech evangelist at Zerto, explains why digital transformation efforts could be futile if local authorities don’t address and improve their IT resilience