In 2020, we faced not only a global health crisis, but an increase in cyber-attacks against frontline public sector organisations.
The NCSC, for example, handled more than 700 cyber incidents between 1 September 2019 and 31 August 2020. Moreover, the Suspicious Email Reporting Service, launched with the City of London Police, had 2.3 million emails reported by the public, leading to the removal of 22,000 malicious URLs.
These figures, along with recent incidents such as the ransomware attack against the Irish health service, demonstrate the increasingly pressing need to protect public services and citizens from cyber-threats at scale. Governments have a role to play in ensuring that strong and secure cybersecurity practices are built within public sector organisations where citizens’ private information is stored. They can also provide additional security layers, deployed centrally, that deliver a more robust defence at a local level while making use of the resulting data and insight on a nationwide scale.
Joining the dots
This can be done with large interventionist approaches, which are crucial if countries are to take an effective stand against cyber-criminals and foreign powers that pose a threat. One example of this type of approach is security programmes that address whole groups of organisations, providing an umbrella of governmental support and security instead of leaving individual organisations to protect themselves in silos.
For example, the UK’s Active Cyber Defence (ACD) Programme – which looks to reduce the impact of cyber-attacks by providing services that protect against a range of threats – enables a breadth of defence for the whole public sector. This extends to the internet connections public sector organisations are making, which could indicate whether they are at risk of malware due to software vulnerabilities. Organisations are also able to benefit from tailored threat feeds, which keep them from becoming overwhelmed with data and allow them to take action to mitigate the potential damage caused by a cyber-attack.
Information is key here and by taking this broad approach to cyber-defence, the security benefits are maximised through the pooling of threat intelligence by one central body. This means that if, for example, one government body is targeted by a particular threat actor, exploiting a particular vulnerability, other public bodies using vulnerable technologies could be warned. This would help them to respond quickly and more effectively to the incident, armed with the knowledge they have received to help them combat the attack.
Utilising existing infrastructure
The most effective cybersecurity solutions tend to fit within an organisation’s existing infrastructure and utilise the tools they already have at their disposal. Often these are consistent across whole industries. For example, every organisation uses DNS to communicate with the wider web. This means there is a huge amount of information on what is coming in and out of an organisation – including malware and potential cyber-attacks – in that data.
Integrating security within this DNS layer can prevent suspicious connections from being made, including when an employee accidentally clicks on a link to a suspicious site set up by criminals. The benefit is that it fits seamlessly into any organisation and does not disrupt day-to-day operations, with staff being protected without having to change how they work. Crucially, it is scalable. Every organisation uses DNS and so every organisation, or indeed industry, could be protected through the DNS.
The more organisations that use this type of system, the more information can be fed back and shared – one operation flagging a suspicious site means everyone else has the information to keep themselves protected.
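The pooled DNS-layer check described above, as an added example that is not code from the article, Nominet or the ACD programme. The class and function names, the flagged domain and the query log are all constructed for illustration; the point it shows is that one organisation's report is enforced for every participant, with matching done on whole DNS labels rather than substrings.

```python
# Added illustration: names, feed contents and log lines below are constructed.
from collections import defaultdict

class SharedBlocklist:
    """Central feed of flagged domains, pooled across participating organisations."""

    def __init__(self):
        self._flagged = {}  # domain -> organisation that first reported it

    @staticmethod
    def _normalise(name):
        # DNS names are case-insensitive and may carry a trailing root dot.
        return name.strip().rstrip(".").lower()

    def flag(self, domain, reported_by):
        self._flagged.setdefault(self._normalise(domain), reported_by)

    def match(self, qname):
        """Return the flagged domain covering qname (exact or parent), else None."""
        labels = self._normalise(qname).split(".")
        # Walk from the full name up through each parent domain, so that
        # cdn.bad.example is caught by an entry for bad.example. The bare
        # top-level label is never tested on its own.
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in self._flagged:
                return candidate
        return None

def blocked_queries(blocklist, query_log):
    """Return {organisation: [(client, qname, matched_entry), ...]} for blocked lookups."""
    blocked = defaultdict(list)
    for org, client, qname in query_log:
        hit = blocklist.match(qname)
        if hit is not None:
            blocked[org].append((client, qname, hit))
    return dict(blocked)

feed = SharedBlocklist()
# One organisation reports a site; the entry then applies to every participant.
feed.flag("Login-Portal.invalid", reported_by="council-a")

# Constructed DNS query log: (organisation, client address, queried name)
QUERIES = [
    ("council-a", "10.0.0.5", "www.example.org."),
    ("hospital-b", "10.1.0.9", "cdn.login-portal.invalid."),
    ("school-c", "10.2.0.7", "LOGIN-PORTAL.INVALID"),
    ("school-c", "10.2.0.8", "notlogin-portal.invalid"),  # different label: allowed
]

RESULT = blocked_queries(feed, QUERIES)
```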
Information and solutions that fit into existing infrastructure are two parts of this puzzle. The crucial final piece, needed to strip out the silos effectively, is for governments to take a collaborative, connected approach towards cybersecurity across the public sector and potentially critical industries beyond that. This will see them bolstering a strong system of defence from the centre that will minimise the cyber-threat faced by the whole nation.
While it will not be a cure-all, these organisations will be empowered with a base level of security that allows them to spend more time and resources on the smaller number of targeted threats, rather than a large number of lower-level attacks. It also raises the bar for criminals and makes it as cost-prohibitive as possible to carry out attacks.
By attacking threat actors from all these angles, the risk of attack will be reduced, and the overall security posture of a country will improve. While many organisations will have their own security defences in place, by pooling resources and using technology that can stretch across the system, the cyber-defence created will be worth far more than the sum of its parts.
By Steve Forbes, Government Cybersecurity Expert at Nominet.