Digital transformation in the public sector: balancing the risks with data-driven cyber security

The possibility of falling victim to a cyber attack should not deter the public sector from moving to the cloud.

The 35 million people who saw Skyfall back in 2012 were in for a treat – thrills, tension, and a spectacular hacking attempt against the UK public sector. While many have picked up on the evident flaws in the Bond version of MI6’s approach to cyber security, the film is a useful reminder that in our rush to digitise public services, there is certainly more to be done in ensuring that these services are secure. Cloud adoption in the UK public sector rose to 78% in 2017, according to the Cloud Industry Forum. This is encouraging in showing that the public sector is moving towards adopting digital cloud-based technologies, but it is debatable whether current cyber-security protocols are up to date for this new type of environment.

Public sector BYOD

These days most employees in both public and private organisations have at least two devices connected to the organisation’s network – a personal phone and a work computer, often a laptop. While the organisation itself may have robust network security, with these types of devices it is very easy for users to download confidential information from a cloud server and then access it while connected to a different, less secure network. In fact, 52% of data breaches are attributed to human error, according to CompTIA.

While organisations can ensure they are educating their employees about the importance of not sharing confidential information over insecure connections, it is also useful for organisations to be able to track who has accessed which pieces of information in the cloud environment. This is especially effective in monitoring for corporate whistle-blowers, or habitual leakers. Data lineage technology can keep track of who is accessing, copying or changing information, while big data analytics can be used to spot anomalous activity from different individuals or groups within an organisation. For example, if a person is moving terabytes of data out of the organisation, or repeatedly accessing information that isn’t pertinent to them, the system can spot this and alert management. The advantage of automating this is that the system can scale to detect these types of activity across the whole organisation, in a way that humans cannot.
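The two access patterns the paragraph describes (bulk transfer out of the organisation, and repeated access to data outside a person’s remit) can be picked out of cloud audit logs with a small amount of per-user aggregation. The following is an added example, not code from the article or any product it mentions; the record layout, department fields, and the two thresholds are assumptions, and the log records are constructed for illustration.

```python
# Added example: flag anomalous data access from constructed cloud audit-log
# records. Field layout and thresholds are assumptions for illustration only.
from collections import defaultdict

# Constructed sample records: (user, user_department, resource_owner_department, bytes_downloaded)
AUDIT_LOG = [
    ("alice", "finance",  "finance",  2_000_000),
    ("alice", "finance",  "finance",  3_500_000),
    ("bob",   "clinical", "clinical", 800_000),
    ("bob",   "clinical", "hr",       50_000),
    ("bob",   "clinical", "hr",       70_000),
    ("bob",   "clinical", "hr",       60_000),
    ("carol", "it",       "finance",  900_000_000_000),   # ~0.8 TiB pulled in one session
]

VOLUME_LIMIT_BYTES = 100 * 1024**3   # assumed review threshold: 100 GiB per user
OUT_OF_SCOPE_LIMIT = 3               # assumed: 3 or more accesses outside own department


def summarise(records):
    """Aggregate total bytes and count of out-of-department accesses per user."""
    volume = defaultdict(int)
    out_of_scope = defaultdict(int)
    for user, dept, owner_dept, nbytes in records:
        volume[user] += nbytes
        if owner_dept != dept:
            out_of_scope[user] += 1
    return volume, out_of_scope


def find_anomalies(records, volume_limit=VOLUME_LIMIT_BYTES, scope_limit=OUT_OF_SCOPE_LIMIT):
    """Return {user: [reasons]} for users whose activity warrants management review."""
    volume, out_of_scope = summarise(records)
    alerts = defaultdict(list)
    for user, total in volume.items():
        if total > volume_limit:
            alerts[user].append(f"bulk transfer: {total / 1024**4:.2f} TiB")
    for user, count in out_of_scope.items():
        if count >= scope_limit:
            alerts[user].append(f"{count} accesses outside own department")
    return dict(alerts)


if __name__ == "__main__":
    for user, reasons in find_anomalies(AUDIT_LOG).items():
        print(user, "->", "; ".join(reasons))
```

Run against real logs, the two thresholds would be set from each user group’s historical baseline rather than fixed constants.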

The rise of DDoS

According to recent research from Corero Network Security, organisations in the US were hit by 237 DDoS attacks per month on average, during Q3 2017. This represents a 91% increase compared to Q1, highlighting that this ever-popular cyber-attack remains a pertinent threat to organisations both in the public and private sectors.

When it comes to public sector services, the damage that downtime can cause is often not just financial; it can severely hamper essential public services. The 2007 cyber-attacks on Estonia affected the parliament, several news organisations and banks, and presented a major threat to national security on a scale unprecedented at the time. As we increasingly digitalise services such as health and transport, it is not hard to imagine the potential for chaos should a successful DDoS attack take one of these critical infrastructure networks offline.

However, such attacks are far from unmitigable: sophisticated real-time mitigation software can use big data analytics to identify and block IP addresses making repeated suspect requests. The very size of a DDoS attack’s botnet can actually work against it, providing more data to help the detection system learn to recognise and stop current and future threats.

Compared to the traditional approach of mitigating a DDoS attack by refusing all connections to the service, blocking only the suspect IP addresses allows the majority of users to continue accessing the service without significant disruption. Machine learning and big data processing form the essential backbone of this, letting computers bear the brunt of analysing and categorising the traffic and detecting patterns across different IP addresses.
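The contrast drawn in the two paragraphs above, blocking only the sources that make repeated suspect requests so that ordinary users are still served, comes down to per-source rate analysis in a sliding time window. This is an added example, not code from the article; the request log, the IP ranges (RFC 5737 documentation addresses), and the rate threshold are constructed assumptions.

```python
# Added example: per-source rate analysis over a constructed request log,
# blocking only repeat offenders rather than every connection to the service.
# Threshold and window values are assumptions for illustration only.
from collections import defaultdict, deque

# Constructed request log: (unix_seconds, source_ip, path).
# 203.0.113.x play the flooding bots; 198.51.100.x are ordinary users.
REQUESTS = (
    [(t, "203.0.113.7", "/login") for t in range(10)] * 30       # 300 requests in 10 s
    + [(t, "203.0.113.8", "/login") for t in range(10)] * 30
    + [(0, "198.51.100.5", "/"), (4, "198.51.100.5", "/records"),
       (2, "198.51.100.9", "/"), (9, "198.51.100.9", "/appointments")]
    + [(t * 2, "198.51.100.20", "/search") for t in range(30)]    # busy but legitimate
)

MAX_REQUESTS = 50     # assumed: more than 50 requests from one source...
WINDOW_SECONDS = 10   # ...inside any 10-second window marks that source as suspect


def suspect_sources(requests, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
    """Return the set of source IPs that exceed the rate limit in a sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the current window
    flagged = set()
    for ts, ip, _path in sorted(requests):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:   # evict timestamps that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            flagged.add(ip)
    return flagged


def filter_requests(requests, blocked):
    """Selective mitigation: keep every request that is not from a blocked source."""
    return [r for r in requests if r[1] not in blocked]


def served_clients(requests):
    """Distinct source IPs that still reach the service."""
    return {ip for _ts, ip, _path in requests}


if __name__ == "__main__":
    blocked = suspect_sources(REQUESTS)
    kept = filter_requests(REQUESTS, blocked)
    print("blocked sources:", sorted(blocked))
    print("clients still served:", sorted(served_clients(kept)))   # blanket blocking would serve none
```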

The threat of malware

The public sector only needs to look back a few months to the Petya, NotPetya and WannaCry malware attacks to see the types of chaos that ransomware Trojan horses can cause. At NHS hospitals in the UK, doctors were unable to check patient records, issue prescriptions, or order vital tests – leading to delays in treatment and risk to patients. Unsurprisingly, the review by the Department of Health found that there were lessons to be learned in developing a response plan for such attacks.

The sad truth of the matter is that ransomware attacks are more likely than ever before. Attacks are increasing in both volume and complexity, and without a more advanced approach to analytics, the public sector risks falling prey to more such attacks in future.

Unlike DDoS attacks, where there are identifiable sources that can be blocked and redirected, malware is harder to spot. When a malware threat emerges, certain pieces of information connected to it remain consistent – either a behavioural pattern or specific byte sequences in the code. Historically, these could be identified by humans, but modern malware tends to adapt and evolve itself, making its signatures almost impossible to track manually. However, big data analytics, which can look at a much wider range of data, can spot larger-scale patterns and trends in malware – helping security experts detect and combat it.

But if big data is the stitch in time that saves nine for many of the cyber-security threats facing organisations today, then efficient data management is the thread without which the solution would be impossible. Without being able to pull together all of the different data streams from a range of different servers and systems into one consistent format, analysis on this sort of large scale would be impossible. This is where a vendor-agnostic, open-source approach to data integration is a crucial part of the digitisation process for security-conscious public sector entities.

The threat of cyber-attacks should not deter the public sector from adopting data-driven, cloud-based technologies. After all, the potential benefits of such technologies – from centralised medical records to sensor-driven city management – are hard to overstate. However, in the process of digitising, public sector organisations need to ensure they are also sparing resources to embrace the data integration and data analysis tools needed to back up their digital technology with robust cyber security provisions. This will be key to ensuring that the public sector is able to keep pace with the 21st century’s rush on innovation, which requires organisations to be flexible and dynamic, but above all, secure.
