What do you believe are the top cybersecurity challenges facing public sector organisations?
The initial three challenges that come to mind when posed with this question are:
- Limited resourcing
- Cyber security culture
In terms of frequency I believe the increase in victims of cybercrime will be driven by the connected world, Internet of Everything and the global culture to live in a society of convenience. As every aspect of our lives becomes connected there will be increased vulnerability to the consumer and the supplier increasing the demand on public sector services.
The current and future capability is controlled by the financial spending pressures upon public sector organisations, resourcing, equipment and training comes at a cost which needs to be met in order to ensure we are able to service the inevitable growth in demand. Organisations therefore need to adopt a culture where cyber security is seen as everyone’s responsibility, not just of the digital natives and a threat that is hear right now and not one that is coming over the hill.
In your view, how has the Internet of Things (IoT) changed the threat landscape?
The Internet of Things has changed industry, consumers and society considerably. Change is dictated, encouraged and sought after by the consumer who in the current climate has a thirst for convenience through connectivity. This social outlook drives the market to be innovative and creative in developing new products and technologies.
Whilst this change provides numerous benefits and opportunities it brings risk and vulnerability to our connected assets which are at much greater risk of compromise. It is essential that connected products are developed responsibly to maximise security and minimise threat.
How do you think effective cyber ‘hygiene’ practices can be instilled in employees?
Cyber Hygiene needs to become second nature and an unconscious action. When considering our virtual lives we lock our homes and cars, put on seatbelts, install smoke alarms, look right and left when we cross the road and wash our hands before eating. We need to get our employers to a position where the same can be said about cyber security.
The route needs to be through education if we can change the way people behave and the social attitude towards cyber security then we have a chance to be effective against it. We need to instill in everyone that whoever you are in an organisation your role plays a part in cyber security and demonstrating how and why and the consequences.
Looking ahead to the next five years, what do you see as being most concerning in cybersecurity?
There have been a number of reports predicting this over the next five or so years, I found several of the predictions on the recent McAfee cybersecurity report very interesting, including the following points:
- While there has not yet been a surge in Internet of Things and wearable attacks, by 2020 install bases of these systems could reach substantial enough penetration levels that they will attract attackers.
- The volume and value of personal digital data will continue to increase, attracting cyber thieves, and potentially leading to new privacy regulations around the world.
- Attackers could look for weaknesses in firmware and hardware as applications and operating systems are hardened against conventional attacks. Also the growth on the dark market for malware code and hacking services could enable cyberespionage malware used in public sector and corporate attacks to be used for financial intelligence gathering and the manipulation of markets in favour of attackers.
However, I also agree that the security industry will develop more effective tools to detect and correct sophisticated attacks. Behavioural analytics could be developed to detect irregular user activities that could indicate compromised accounts. Increases in threat intelligence is also likely to deliver faster and better protection of systems.
Shelton Newsham is the Detective and Regional Prevent & Protect Lead at Yorkshire and Humber Regional Cyber Crime Unit. If you would like to know more about the shifting cyber security environment across the public sector, you can hear him speak at the Public Sector Solutions Expo on 20 November. To register or find out more, please click here.