This week’s Ask the Expert is answered by Paul Parker. Paul is chief technologist for the federal and national government business division of SolarWinds, a US-based provider of IT management software.
Ask the Expert: How can public sector businesses strengthen their network security?
A recent report by the U.K. Office for National Statistics (ONS) shows that 56% of all fraud incidents are cyber-related, and computer misuse crime referred to the National Fraud Intelligence Bureau by Action Fraud has increased by 63%. According to the report, the surge in business-related computer misuse can be attributed to a massive 145% rise in malware and DDoS attacks over the past year.
This figure worryingly points to a shift in focus for cybercriminals from consumer-targeted attacks to the more lucrative enterprise sector, which includes many public sector organisations. As we are faced with regular news headlines about hackers, security breaches, and all manner of online threats, how can public sector organisations strengthen their network security?
As with any quest, you must overcome obstacles, barriers, and challenges. Factors such as cloud migration, network modernisation, and even basic technology updates can render you vulnerable. Limited resources and budgetary constraints only compound the challenges.
Three steps to stronger network security
1) Improve network visibility. We cannot control what we cannot see, and we cannot find what remains hidden to us. This includes the threats that may be plaguing our networks. That’s why implementing solutions that can be configured to deliver in-depth network visibility is critical to achieving network security. Continuous, automated monitoring is essential in the mission to root out threats from both inside and outside the network.
2) Continue cybersecurity training. In a survey of U.S. federal IT professionals, 54% cited “careless or untrained” insiders as posing the biggest security risk, and it is likely a similar story in the U.K., meaning training is a must-have to bolster cybersecurity efforts. Public sector organisations need to invest in empowering staff with the knowledge and tools required to create and maintain better security postures. Additionally, training must be continuous and held at regular intervals. It’s not sufficient to have one-off sessions and call it a day; the threat landscape is changing too rapidly for that type of approach. Staff must keep abreast of evolving risks, as well as actions they can take to mitigate those risks.
3) Improve IT controls. IT controls also play a key role in risk management efforts. Some 79% of the participants in the survey identified their ability to provide managers and auditors with evidence of appropriate IT controls as either “good” or “excellent.” Those high-performing organisations tend to experience fewer cyber threats, faster response times, and improved results from modernisation efforts. All of these factors point to the importance of IT controls as a cornerstone of better network security.
Ultimately, IT professionals are all on the same quest. Everyone—including those working in the public sector space—seeks to ensure their respective networks are secure. Monitoring and reporting tools can help us on this quest, but so can the appropriate amount of training.