Fortinet explores the top five cybersecurity issues that the public sector is facing and urges those in charge to gain a better understanding of leading cybersecurity technologies and how they work.
Hackers are constantly inventing new ways to bypass security measures to steal both money and sensitive data. There’s a 2021 threat for every organisation – but especially the public sector. From the current debate around outlawing the payment of ransomware demands to the global turbulence in the aftermath of the SolarWinds attack of 2020, few face a more rapid rise in malicious threats than the public sector. Which is why it is crucial that its leaders understand and embrace the only things that can protect against cyber-attacks – effective technology and cybersecurity readiness.
Those in charge need to better understand the leading cybersecurity technologies and how they work within the public sector. As a result, organisations will be better poised to make informed decisions about which solutions to implement and why. Let’s have a look at five top cybersecurity challenges that the public sector is increasingly facing.
Advanced threat protection against ransomware attacks
Ransomware is quickly becoming a prolific threat, again. The public sector is particularly vulnerable to this type of attack due to a patchwork of outdated technology and operating systems across healthcare, education, local and central government. Advanced Threat Protection (ATP) can be helpful in detecting and investigating anomalies in network traffic automatically – even potentially closing down access to parts of the network to protect it if a threat is identified. It’s almost like having a security guard in every ‘room’ of the system.
This is particularly useful against external hackers leveraging social-engineering attacks. These are cybersecurity attacks which exploit humans rather than flaws in the system itself, such as tricking unsuspecting users into giving access to the system, or transferring money.
A sandbox can also be used to protect against malware threats. A sandbox is an integral part of ATP, utilising a small, isolated piece of a network that can be used to ‘test’ any new, suspicious code to make sure it doesn’t harm the rest of the network. If the code does contain malware or other security threats, any damage done stays confined within the sandbox and cannot escape. Any suspicious activity can then be turned into a signature (an identifying label), and shared across your security estate, to improve your security posture and reduce risk.
It’s not necessary to be world famous to be at risk – a local council is just as likely to get hit by an attack as a key Ministry, perhaps even more so. Which is why being able to sandbox malicious code is something that public sector bodies will find particularly helpful.
Keeping pace with the volume of attacks
It’s no surprise that cyber threats are increasing in complexity and intensity. The UK saw a 20% increase in cyber security threats in 2020 compared to the previous year, meaning public sector IT is facing an uphill battle to try and keep up. One way that the public sector can keep pace is through the use of Machine Learning (ML) and Artificial Intelligence (AI).
ML is used to describe algorithms that find patterns in huge amounts of data. In the context of security, ML analyses data to detect malicious threats in many different ways, including finding threats from within existing public sector systems. It can also be used to detect malware particularly prevalent in government attacks such as JS/Banker, which in 2020 caused 2.4% of all attacks on public sector organisations according to the latest twice-yearly FortiGuard Labs Global Threat Landscape Report.
Within cyber security, ML is normally associated with AI. AI is a group of technologies that focus on building machines and programs capable of achieving things that traditionally require the intelligence of a human. Deployed within various parts of the network, AI in cybersecurity allows smaller public sector IT teams to focus on the more complex security issues.
From a security perspective, AI and ML can be used to keep up with rapidly evolving threat methods by automating threat detection. This is especially applicable now due to remote working and the proliferation of BYOD (bring your own device).
Zero Trust Network Access – A fail-safe for remote working
Many workers have been working remotely for well over a year now, and that includes employees of the public sector. However, remote working comes with its own set of risks. Public sector employees who may not be fully aware of the threats they face, personal devices that may not have the appropriate security settings installed, or non-IT approved applications can all leave a public sector organisation vulnerable. But adopting a Zero Trust Network Access (ZTNA) model for remote working can help. ZTNA is a security model that means anyone trying to access your organisation’s resources is required to provide strict identity verification each and every time they want to access a network resource. This is different to traditional access security in that even those inside the organisation have to provide identification, whereas previously everyone inside the network would have been trusted by default. As you can imagine, that default trust causes havoc if an attacker manages to gain access – once inside, they have free rein to do whatever they want.
Again, for complex organisations like those in the public sector who may also share this internal trust with other giant public sector bodies, or allow partners access via VPN, keeping this sort of threat away is essential.
Securing complex network infrastructures
Public sector organisations generally have a rather complex infrastructure environment, whereby many regional groups, trusts and third parties require access and collaboration. There is also the increased use of the public cloud to consider. Maintaining connectivity and visibility over these massive IT estates can be challenging for organisations that often use more than one vendor, application or software type. Software-defined wide area networks (SD-WAN) simplify the building and management of wide area networks. Their primary purpose is to provide fast, scalable and flexible cloud connectivity and better application performance. SD-WAN makes more cost-effective use of network circuits, and even internet-based connections, while keeping the same risk posture and enterprise-level security. Those in the public sector will benefit from being able to deploy new code faster with zero-touch provisioning – a feature that enables devices to be configured automatically rather than manually. It also makes it easier for remote sites to connect to networks – perfect for organisations with many staff continuing to work from home without the technical know-how and time to establish proper security protocols across a vast range of personal devices.
Secure SD-WAN uses firewalls and advanced routing to prevent malicious threats such as ransomware – something that government bodies need to be especially vigilant about given that 14% of them detected it within their systems in 2020.
Technology to the rescue
Nobody is ever 100% immune from daily-evolving cyber-threats, but with awareness of the issues and with these new technologies at the helm, public sector organisations can rest assured that the risks they face can be reduced. These technologies represent the next generation of cybersecurity, helping to protect against the changing threat landscape. Despite sounding complex, they’re incredibly cost-effective, adaptive, easy to integrate end-to-end, and surprisingly user-friendly. All that’s left to do is to decide what’s right for your organisation.