Previous issues with public sector security practices are potentially fuelling an increase in exploitation by hackers, putting the UK at risk.
A new report published by think tank Reform indicates that public sector security failings are causing a spike in cybersecurity issues during the pandemic and calls for a rethink of sector security to help combat it.
Reform noted in the report that a spike in attacks against public sector bodies was taking place across Europe and prompting fears over the “patchwork” nature of cybersecurity in the UK’s public sector.
“During the Covid-19 pandemic, the surge in home working – including by the public sector workforce – has increased vulnerabilities,” the report states.
“According to a recent report from INTERPOL, this shift has occurred concurrently with an uptick in cybercrime targeting governments and critical health infrastructure, as opposed to individuals and small businesses.”
Reform says this has revealed an essential need for a “robust” cybersecurity strategy to be implemented in the public sector, to help “deter cyber-attacks, ensure secure daily usage of technology, and appropriately respond to an incident if one should occur.”
Eleonora Harwich, report co-author and research director at Reform, commented: “Hospitals running on outdated systems and minimal awareness of cyber threats, particularly among the local government workforce, is a recipe for disaster which ministers urgently need to address.
“The resilience of our public services has already been tested to an unprecedented degree since the start of the pandemic. A WannaCry-level attack now would be devastating, literally putting lives at risk.”
- EIE20 | Digital innovation key to ‘building back better’ post-pandemic
- Cybersecurity framework launched to protect NHS and public sector
- The State of Scotland’s Public Sector Digital Transformation 2018
The UK is currently at the forefront of cybersecurity policy, with strong cybersecurity strategies and organisations such as the National Cyber Security Centre (NCSC).
However, when it comes to dealing with cybersecurity incidents, the systems currently in place are “wholly inadequate to the scale of the task facing the government,” referencing the 2017 Wannacry ransomware attack on the NHS.
Reform says incidents like this, and the next National Cyber Security Centre strategy due to be published in 2021, should be an opportunity to “take stock and examine the progress so far in creating cyber-resilient public services” whilst identifying “key areas for development”.
Recommendations include putting a greater focus on “the capability of the public sector workforce” in order to increase cyber resilience and an increase in knowledge sharing to “allow best practice to be replicated.”
As well as this, the report suggests mandated NCSC Cyber Essentials training for anyone handling sensitive information in the public sector, and “more effective maintenance of infrastructure across the sector”.