Get in Touch
In the recently-published Government Cyber Security Strategy report for 2022 to 2030, the UK government underlines that cyber security is now critical to the defence of the country. It details its commitment to significantly strengthening cyber security for all public sector organisations, announcing that “£2.6 billion will be invested in cyber and legacy IT, of which government cyber security is a critical component”. It further states that “£37.8 million of additional funding is also being invested to tackle cyber security challenges facing local councils to protect vital services and data, alongside targeted investment in our most critical departments”.
Quorum Cyber continues to invest to strengthen its teams of certified cyber security professionals and we’re ready to support the public sector across the UK. We have the expertise and experience to protect local and regional government departments of all sizes, and of varying IT maturity, from evolving and emerging cyber threats, allowing you to serve your communities in confidence.
Cybercriminals have a track record of attempting to sabotage and extort money from public sector bodies of all sizes and complexity. To date, their preferred methods have mostly been phishing and ransomware attacks. When successful, they have encrypted the victim’s data, leading to the government authority taking one or more of its systems offline, which in turn can bring some services to a standstill. Criminals demand a ransom fee to free up the data again.
There’s no guarantee that criminals won’t sell any stolen data on the dark web, or won’t attempt to attack the organisation again at a later date – even if they are paid the ransom. And many of these attacks go undetected until it’s too late to respond.
Such incidents can be very expensive. As well as handing over any money, councils have had to rebuild their IT systems, which can cost millions of pounds. Services can be disrupted indefinitely while the council – sometimes working with outside technology consultants – tries to fix the problems and bring services safely back online. And the public’s trust in their local or regional authority, which also stores residents’ data, can be put under pressure too.
As many government employees have had to work from home during the past few years, more organisations have become more vulnerable to phishing and ransomware attacks, which have increased in severity.
In addition, some government bodies are much further advanced with moving from on-premise legacy systems to the cloud. Organisations with older technology are often more susceptible to cyber-attacks and they can also take longer to apply any software patches that product vendors release for them to improve security. Technology vendors can swiftly protect those organisations that have transferred to the cloud without any effort on their part.
The cyber threat landscape is continually evolving, creating new challenges for all sectors of the economy. Providing essential services for their communities, public sector authorities can’t ignore the risks posed by cybercriminals who are becoming more sophisticated at infiltrating IT infrastructure and breaching third-party suppliers.
Storing a wide range of information
Government agencies keep large amounts of personal data, such as names, addresses and other confidential information, which has a monetary value to criminals.
Councils have been threatened with data leaks if they don’t pay the ransom fees demanded to release encrypted data. In addition to potentially being very costly and severely damaging to their reputation, such incidents can compromise their ability to serve the public for indefinite periods of time.
Criminals carefully plan well-disguised phishing campaigns against government employees in an attempt to breach their employer’s networks. Phishing is an ever-present threat for all industries and can do serious damage to any organisation when targeted at unwary individuals.
Increased online service delivery
Since the start of the pandemic, even more public services have moved online, opening further opportunities for phishing, ransomware and malware attacks. The public sector needs to safeguard these services around the clock, while monitoring for, and responding to, any cyber threats.
Vulnerabilities in third-party supply chains
All public sector bodies buy goods and services from external suppliers. As organisations strengthen their defences, threat actors probe for weaknesses along the supply chain and attempt to infiltrate third-party suppliers as an indirect way into their primary target.
Hybrid working models
As more government employees have worked from home during the past few years, the chance of devices being lost or stolen has increased. Furthermore, a widespread workforce is harder to protect from cybercriminals who take advantage of human behaviour and working habits.
Highly targeted by threat actors
Knowing that essential public services often run around the clock to keep the country running, they have always been high-priority targets for criminals who aim to make a quick profit. Threat actors are often financially motivated, and they are skilled and experienced at attacking organisations when and where they are weakest.
G-Cloud helps public sector customers in the UK find and buy a wide range of cloud computing services from approved suppliers at a fair price while avoiding a lengthy procurement or tender process. At present, we offer the following services:
- Azure Security Engineering
- CREST Penetration Testing
- CREST Vulnerability Management
- Cyber Security Consultancy
- Cyber Security Incident Response (CSIR) and Investigation
- IT Health Check
- Microsoft 365 Security Assessment
- Microsoft Sentinel Security Operations Centre (SOC) and Managed Detection and Response (MDR)
- Phishing Simulation
- Phishing Protection (Big Red Button)
- Security Director as a Service
- Security Maturity Assessment .