While the private sector makes a lucrative target for threat actors, the public sector is also under constant threat of cyber attacks.
In October 2023, the British Library was hit by a major ransomware attack and the founder and CEO of the National Cyber Security Centre (NCSC) Ciaran Martin told the BBC that recent attacks on the UK’s National Health Service were not surprising given its outdated systems and cyber policies.
But what might these updates look like? And on a national level, what can be done to protect the public sector from further attacks?
In this episode, Jane and Rory speak to Jonathan Lee, public sector lead at Trend Micro, to discuss the attacks targeting the public sector and what can be done to stop them.
Highlights
“I think what we're starting to find is all of these things are providing citizens with a service, whether it be something that's as critical as your health and your physical wellbeing and your mental wellbeing, in the case of the NHS, or critical services that the likes of a council in Cheshire are providing, if the rubbish is not collected this public health issue there as well. So all of these things are important, there's obviously always going to be a scale that operates at like I mentioned, catastrophic harm, obviously the ultimate catastrophic harm is someone losing their life, which could happen as a result of a cyber attack on the NHS, for example. But then we've got the MoD, we've got all of these different areas that are open to threat actors.”
“So doing the basics right, first and foremost, is really important. But then I think it's all about articulating the importance within an organization, be it a hospital, a government department, a local authority, or in education, it's about articulating from a technical level to the board, the importance of being resilient. Because cybersecurity is effectively a business risk.”
“I think we're further behind than we would like to be in that area around supply chain security. In fact, the NHS has just released a £4.3 million pound fender for a contract to review cybersecurity risks to critical NHS infrastructure, and obviously feels like it's a little bit late with what's happened to the Synnovis.”
Footnotes
- Cyber attack forces London hospital trusts to suspend non-emergency operations
- King’s Speech: Security in the spotlight as government promises new efforts to lock down insecure IT supply chains
- NHS leaders are keen to adopt new digital tools, but IT can't solve problems on its own
- Everything we know so far about the NHS Dumfries and Galloway cyber attack
- Ransomware group publishes stolen NHS Scotland data to dark web
- British Library cyber attack fallout highlights public sector security weaknesses
- Public sector security debt is becoming a pervasive issue
- Security agencies warn of heightened threat to critical national infrastructure
- State-sponsored cyber attacks: The new frontier
Subscribe
