The pandemic has shifted the perimeters of public sector networks and created new demands for resilience, writes Emma Velle, cyber security specialist for NHS and local government at Cisco
As the digital landscape for the public sector has shifted during the Covid-19 pandemic, so has that for cyber security.
Organisations have achieved a major shift to remote working and stepped up their use of cloud services, and while this has produced operational benefits in the face of the crisis it has also stretched the cyber capabilities of most and made many more vulnerable to attack.
There have been reported breaches of public sector defences, including those of Newcastle University, the Nova Schools Trust and Hackney Council.
Some of the key factors have become more visible over the past year of pandemic, along with the need to have a firm knowledge of the location and purpose of an organisation’s data as a foundation of the response.
This derives from the way the rise of remote working and use of cloud has increased the lateral movement of data, and therefore connectivity of digital systems, inside organisations. This has increased the number of points of potential vulnerability, especially in cases where the spread of home working has involved many people using their own devices.
One result of this has been a widespread recognition that it is no longer enough to simply ensure that everything is behind a firewall. Defending effectively against attack requires the segmentation of systems, so that if one or more shows signs of suspicious activity they can be quickly sealed off to protect the rest of the network. This requires a strong grasp of what data resides where, who has access to it and why, with a strong policy to change the controls in an emergency.
It also requires proper security controls for the exchange of data and access to cloud systems. While the hyperscale cloud providers have made big advances in security, an organisation still has a responsibility for its own data and needs to ensure localised security controls are in place to ensure protection.
This is accompanied by the need to beware of intrusions from outside, often through phishing attacks and the use of compromised credentials. A key element of defence is to have privileged access controls to systems in place, reducing the number of possible intrusion points, and there is a growing momentum for the creation of ‘zero trust’ policies, which demand strong verification for any kind of access. This reduces the risks but places extra challenges on identity and device management, and needs to be continually updated as people and processes change.
