Data and securityCyber SecurityCyber security starts with people and processes

Cyber security starts with people and processes

Cyber security is a big deal for the public sector given the need to protect a growing volume of sensitive data form increasingly sophisticated cyberattacks. GovTech Leaders spoke to Keiron Holyome, Director – UK Public Sector at McAfee, to get his thoughts on the current situation in the sector, the need for common standards and better education on the topic.

Cyber security is, without doubt, a major challenge for organisations across the public sector. Increasingly regular and sophisticated attacks, many of which are state-sponsored, coupled with digitisation and the vast amounts of data being stored, means that more and more effort is having to be put into cyber defence.

This defence is no easy task either, as Keiron Holyome, Director – UK Public Sector at McAfee points out. “In our public sector world where there are interdependencies of multiple stakeholders, cyber security can be complex. We see end-user customers who use multiple systems integrators, vendors and/or providers. Get this interdependency wrong and it can cause carnage.”

As a result, McAfee is working hard to create an open architecture that people can plug into and use to develop solutions and work together on to build a cohesive solution. However, as Keiron explains, technology is one thing, but you must get the people and process in place too – which is where education is vital.

“The culture around people and processes and making sure people understand what they’re trying to do with data, for example, in a safe and secure way, is all about education. I think we need to do more education – and earlier. Why not take it right back to the school curriculum and add a cyber security element? If you’re going to do IT, this is how you stay safe.”

Cyber security as an enabler

Mistrust of technology and concerns of security are most definitely holding back take-up of technology, both at a citizen level and internally from staff who are having to migrate to digital from paper-based processes. Once again, Keiron thinks education can help to overcome this problem.

“If we start with education the downstream benefits are inherent – you no longer try to reteach a culture, security is the culture. It’s at the forefront of people’s minds, so we will automatically – even subconsciously – be more aware.

“Cyber security has always been seen as a disabler, not an enabler, and that view needs to be broken, because it’s simply not true. Effective security enables an organisation to continue its work and manage risk. Education will once again help to overcome this barrier.”

Shared direction

As well as education, Keiron talks passionately about the need for a shared security standard. He believes this will enable greater sharing of information and skills across public sector organisations.

“If there is commonality around what you’re trying to achieve from a standards perspective it absolutely, makes it easier to work together because there is one truth for that standard around which a service can be designed,” says Keiron. “Where you are able to select the standards you use and apply those to your service, when you try to interoperate with somebody else that has designed a service to suit their chosen standards, it creates complexity.

“A set of very clear unambiguous standards would help organisations come together. The less complex something is, the less investment is needed to develop solutions. If we could have a defined set of standards – which I admit is tough to do in an industry that is fast moving – it would lead to cost savings and enhanced customer service as new solutions could be taken to market faster.

“There’s no getting away from the fact that having a book of common standards gives you a very quick and easy reference that helps know that if you apply this standard it leads to this outcome that solves this problem.”

Keiron continues on to say that in many ways this all leads back to productivity. “Ultimately, I think everything we’ve discussed so far comes back to productivity. We want to provide an experience for our customers that enables their organisation to be as productive as it can be. We don’t want security to get in the way. When we go into some of the most secure areas of government, sharing documents and information can be difficult, for obvious reasons. Removing those barriers would make those departments more productive and more collaborative.”

Looking to AI

As the cyber threat grows, Keiron says he’s seeing more and more public sector organisations turning to technology to help.

“We’re seeing a number of trends in the public sector space. Cloud adoption is continuing to grow, which is good, and Brexit is clearly generating complexity and uncertainty. Another major trend we’re seeing is a move to human and team machine learning combinations. AI provides the ability to triage attacks and provide analysts – the human element – with the ability to focus in on the highest risk threats. It takes away the burden of everyday monitoring, allowing them to really deliver value in their roles.

“Customers are now looking seriously at AI, partly because there’s a lack of relevant skills and resources at the disposal of CIOs, CTOs and so on. They simply can’t deal with the volume of threats and their sophistication effectively without turning to technology. This highlights the need to get the people and processes side of security right, which takes the discussion full circle and back to education. That’s why it’s so important.”

Related Articles

UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

3y Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

3y Jay Ashar
AI support: Outnumbered but not outgunned

Cyber Security AI support: Outnumbered but not outgunned

4y Piers Wilson
MoD invites applications for the design phase of Cyber Risk Tooling

Cyber Security MoD invites applications for the design phase of Cyber Risk Tooling

4y Jay Ashar