McAfee and the Digital Government Security Forum have released a new report exploring the cyber risks confronting government and offers recommendations to mitigate these risks.
The report, ‘Operating Securely in the Digital World’, provides the outlines of a suggested Review Process and proposed Development Framework to organisations review their information security strategies and governance arrangements.
Since its launch in March this year, the DGSF actively engaged with civil servants, cyber specialists and technology providers to help guide the development of the Forum and to assist in quality assuring the work produced through the initiative.
The report identifies four high priority areas, for government to address as it continues to make greater use of technology to meet austerity targets and improve the delivery of digital public services:
– Lack of awareness of information security threats at board level, causing organisations to fail to provide reassurance that they are meeting their information security responsibilities and cost effectively managing information and cyber threats.
– Concerns over data security blocking efforts to boost collaboration, data sharing, BYOD and more efficient working at a time when government and public services are under pressure to deliver more at lower cost.
– Interfaces between different organisations are key danger points as the government’s prime objective is to join up services and promote greater partnership working and collaboration across sectors.
– Legacy systems which were not designed for the digital age which have encouraged legacy thinking in terms of information security, often resulting in fragmented and siloed security arrangements.
John Thornton, secretary to the Digital Government Security Forum says: "Overall, the UK has made huge progress in information handling and data security following the series of high profile breaches in recent years.
"There is however no room for complacency. Organisations need to think in terms of security-by-default to deliver digital-by-default and share information in order to counter cyber threats."
The DGSF recommends that boards and senior managers are aware of key risks and vulnerabilities and implement basic controls to proactively manage information risks. They should embrace technology and use improved information security as an enabler to develop a culture that embrace change to boost confidence from citizens, businesses and the government into these digital systems.