A new report from Intel Security and the Digital Government Security Foundation (DGSF) has called on the public sector to change its mindset towards cyber security from ‘incident response’ to ‘continuous detection and response’.
The Future of Information Security report says the key issues of the future will be combating sophisticated attackers, speed of response, responding to the increasing complexity of the modern IT estate, addressing skills and people issues and reacting to the Internet of Things.
The report identifies healthcare as one area of the public sector that is seen as an easy target for ransomware and other attacks from cyber criminals.
Another critical weakness in the public sector is the supply chain, particularly when small companies that have fewer resources for cyber security are involved.
Richard Pharro, CEO of accreditation and certification body APMG, believes that all firms in the public sector supply chain should be signed up to the government’s Cyber Essentials standards, and that government should not work with any firm that is not.
He said: "While there is arguably more work to do to secure the public sector supply chain, the Government has set a good example by demanding that certain suppliers certify against Cyber Essentials. There is a strong case that the public sector should hold their suppliers to a similarly high account and make Cyber Essentials a mandatory requirement for doing business."
Security also tends to be very fragmented in the public sector, the research found. It has been implemented on a tactical basis, reacting to new developments and changes in the types of threats, and has consequently become very siloed.
The report calls for corporate ownership of cyber security, with people and skills seen as essential.