Cyber Security and The Public Sector

In recent years, the public sector has seen the threat of cyber-attacks rise significantly. Local authorities, healthcare providers and other public service providers, all hold sensitive – and therefore lucrative – data, making for a very appealing target. The public sector has proven to be such a target for a number of reasons. One being the constant pressures of budget constraints that are, sadly, far too prevalent in the current political and economic climate. And, what is even more concerning, a lot of the data held by these types of organisations concerns some of the most vulnerable in society.

We are seeing increased interest and investment at board level with regards to an organisations’ cyber security. Public sector leaders have come to realise that, although securing the necessary budget for the more adventurous projects – the ones that display high levels of ROI – is critical, they must also consider investing in the less attractive – but equally as important – preventative measures in order to safeguard their business.

In 2019, around 33% of all UK public sector organisations reported being targeted by some form of cyber-attack* – which is a reduction from those who reported attacks the previous year ***. Almost 20% of this number were targeted with around 1,000 different attacks. This stat, alone, is terrifying. However, when we consider the fact that, in 2019, the third sector also came under increased attack – with 22% (or two of every ten) UK charities* experiencing cyber-attacks – then it is clear that this is a threat, a war of sorts, that is not going to go away.

We know that organisations who store personal data are more likely to experience an attack, who can forget the worldwide ransomware attack – known as WannaCry – that impacted countries and businesses across the globe and which, ultimately, cost the NHS somewhere in the region of £100 million**.

According to the Cyber Security Breaches 2019: Statistical Release Survey, the most common cyber threat facing the UK public sector is, by far, that of phishing, particularly through the use of fraudulent emails and malicious websites. 80% of UK public sector businesses who reported a breach or attack within the last 12 months suffered from some form of phishing attack in 2019. The consequences of any such attack are wide ranging and can encompass anything from loss of files to disruption of digital services to the more sinister loss of money or sensitive data.

Phishing lures can appear in many different forms, but there are common traits to look out for when considering a potential phishing attack. Urgent messages around financial information is one of the most common, as is information about a recent package (which you, generally, cannot remember ordering!?). Some of these lures are far more obvious to the common staff member than others, though there are many more sophisticated, and so, dangerous, lures in operation.

One promising thing to note, amongst the gloom of what seems like an insurmountable onslaught of threat actors, is that considerably fewer public sector organisations are seeing serious loss of money or data as a result of these increased attacks; largely due to the preventative measures being put in place across the sector.

If any of this seems like it is too much for any one organisation to handle, that is exactly where people just like Quorum Cyber come in. Quorum Cyber, amongst a range of other Professional and Managed Security Services, provide protection for organisations against phishing attacks. Quorum Cyber’s Big Red Button provides a simple way for users to verify if a suspicious looking email is malicious, without having to rely on their own technical knowledge.

Resources such as G-Cloud – the UK Government framework for businesses within the UK public sector who are looking to find and buy cloud computing services, such as hosting, software and cloud support, including many off-the-shelf, pay-as-you-go cloud solutions – are vital resources. Quorum Cyber offer 13 cloud support services on G-Cloud 12, including Phishing Protection, providing the necessary skills, knowledge, and, above all, resources to ensure that all of our customers are as protected as they possibly can be in the face of such an ever present – and constantly evolving – threat.

If you work in the UK public sector and you would like to know more about any of the issues touched upon above, contact the team today and find out how we can help your organisation stay safe right now. Or, visit G-Cloud now for a list of our cloud support services currently available on G-Cloud 12, as well as a full list of service features and benefits.

Related Articles:
* Cyber Security Breaches Survey 2019: Statistical Release
** Lessons learned review of the WannaCry Ransomware Cyber Attack
*** House of Commons Committee of Public Accounts Cyber security in the UK