Lessons from a battle-hardened Cyber Incident Responder & Ethical Hacker
Quorum Cyber’s Principal Incident Response Consultant Mark Cunningham-Dickie shared some wisdom he’s gained from working in cyber security for over 20 years in his presentation at the Local Government Partnership Network (LGPN) South in London on 21st November. Quorum Cyber was a sponsor of the event.
The UK public sector continues to undergo a huge digital transformation, supported by the continuous introduction of compliance requirements and industry standards. But as it does, it is a target for nation-state cybercriminal groups attempting to disrupt Western society, steal confidential information, or sit inside critical infrastructure to follow through with another tactic at a later date. So, it’s essential to ensure robust cyber security to protect sensitive data and maintain the trust of the public, the business community, and the government.
In his talk to participants from the local government sector, Mark covered the importance of integrating security measures during IT transformation. He discussed the benefits of enhanced trust, business continuity, and cost savings, while also addressing the pitfalls of neglecting cyber security, such as data breaches, regulatory penalties, and operational disruptions.
Every organisation is a target
While many local government employees who run transformation projects claim theirs won’t be a target or is of minor significance, Mark explained that cybercriminals target the lowest-hanging fruit in order to move into their primary target systems. No matter how small a council body may be, everyone is a target, Mark said, listing dozens of town, city, and county councils the length and breadth of the UK that have been victims of cyber-attacks this year alone.
He asked attendees to consider whether IT transformation is really necessary or if optimising existing tools would be more cost-effective and secure in the long run. Mark emphasised that many projects think about security too late: “In 8/10 significant incidents I deal with people say that they were just about to go, or are going, through a project to migrate the issues.”
And while most of the presentation covered aspects of digital security inside and around an organisation, Mark reminded his audience that when employees take their laptops to public places and use unsecured wi-fi in cafes, restaurants, and train stations, they are much more vulnerable to data theft. In many cases when this has happened, the employee has known nothing about it. Physical security, such as restricting access to buildings, offices, printers or other working spaces and equipment, is equally important for preventing incidents.
Key messages
The main messages Mark wanted participants to think about were:
- The defence in depth model is dead
- If you want to save money, use what you’re already licensed for
- Consider security from the start
- Include the processes and policies to support implementations
- Question every aspect of use and operation
- Have a plan for when someone like him turns up to investigate
Chat to us about protecting your IT transformation programme today
As compliance requirements increase for local government authorities, so does the need for digital transformation projects. We understand the importance of implementing them the right way and ensuring they are more than just regulatory checkboxes; they are essential frameworks that can significantly bolster your local government’s cyber resilience.
Join Quorum Cyber experts on 11th December for a live webinar, ‘Going Beyond Cyber Compliance: Understanding How Standards and Frameworks Can Build Resilience for Local Government’, to learn more about leveraging compliance for enhanced cyber resilience. Visit our event page for more information.
At Quorum Cyber we protect over 200 organisations around the world from cyber-attacks every day, including many councils in the UK. Contact us about how we can defend your organisation.














