Competing priorities biggest roadblock to cybersecurity

According to a Freedom of Information (FOI) request, the biggest roadblocks for the UK public sector organisations when maintaining and improving cybersecurity are competing priorities (71%), followed by budget constraints (67%) and a lack of manpower (59%).

The FOI request was conducted by SolarWinds investigating cybersecurity challenges and preparations in UK public sector organisations. Responses to the FOI request were attained from 28 central government organisations, 164 NHS trusts and Clinical Commissioning Groups (CCGs).

Observations and inferences

According to the FOI, over a third (38%) of respondents claimed to have experienced no cyberattacks in 2018, compared to 30 percent who said the same for 2017. There was also an increase in the number of organisations reporting in excess of 1,000 cyberattacks. 18% of respondents said this was the case in 2018, up from 14% in 2017, despite the Minimum Cyber Security Standard being published in June 2018, a guideline that 98 percent of respondents were aware of.

The Minimum Cyber Security Standard, the standard presents a minimum set of measures that helps UK public sector organisations to identify, protect, detect, respond to and recover from cyberattacks.

Other observations and inferences from the FOI were:

• Complexity of the internal environment at 48% was the fourth-most challenge experienced by public sector organisations after competing priorities, budget constraints and lack of manpower.
• With 68& of NHS trusts and CCGs reported budget constraints as an issue, compared to 50% of central government respondents, budget concerns were more of a problem for healthcare organisations than for central government.
• Attacks were predominantly phishing or malware—95% of organisations that shared the types of attack they had experienced cited phishing, and 86% had experienced malware.
• The least common types of detected attacks or threats according to respondents were from malicious insider threats (3%) or foreign governments (3%).
• Firewalls (98%), antivirus (98%), and malware protection (96%) were the three most common solutions deployed. 94% also had patch management. The least common tools were log management (73%) and network traffic analysis (74%). 9% of organisations had not invested in employee training for the whole organisation around cybersecurity, and 15% had not invested in additional employee training for the IT team.

Sascha Giese, Head Geek, SolarWinds, said: “While preparation is generally high throughout the public sector, the growth in large numbers of attacks shows that there is still significant risk. These results highlight the importance of finding simple-to-use, affordable, and scalable security solutions that can work across the varied IT environments like those in the NHS and central government, to ensure the most comprehensive protection available for these vital services.”

Counter measures towards cybersecurity

The UK government plans to assess the cybersecurity capability landscape. Margot James, Minister for Digital and the Creative Industries announced a call for views to increase the UK’s cybersecurity capability through a policy paper: Initial National Cyber Security Skills Strategy.

Cardiff council is leading the way in cybersecurity by introducing compulsory cyber awareness training for its staff. The council has made cyber awareness a key priority to counter the cyber attacks on councils happening daily.