Public sector security failings leave UK at risk, says think tank
Leo Daniels • November 2, 2020
This is a subtitle for your new post
The pandemic-driven surge in remote working
since March is exacerbating pre-existing vulnerabilities and highlighting the parlous state of cybersecurity in the UK’s public sector, according to a new report
compiled for think tank Reform
– which advocates the reform of public services – alongside IT services provider DXC Technologies.
The report noted a spike in cyberattacks against public sector bodies across Europe and said this should prompt fears over the “patchwork” nature of cybersecurity in the UK’s public sector.
“Hospitals running on outdated systems and minimal awareness of cyber threats, particularly among the local government workforce, is a recipe for disaster which ministers urgently need to address,” said Eleonora Harwich, report co-author and research director at Reform.
“The resilience of our public services has already been tested to an unprecedented degree since the start of the pandemic. A WannaCry-level attack now would be devastating, literally putting lives at risk.”
Reform is concerned that what it terms “inadequacies” in public sector security, coupled with the impact of the Covid-19 pandemic, increases the likelihood of another large-scale cyber attack similar to WannaCry, which impacted 80 NHS trusts in 2017 and ended up costing the health service
over £90m.
It said that although new guidelines have been set around security since WannaCry, and some improvements made, the NHS in particular still relies too heavily on outdated operating systems. From publicly available data, it inferred that the health service may have up to 150,000 systems still running Windows 7, for example.
Reform’s report also said poor resilience in local government was becoming an increasingly acute concern, again because the pandemic has forced the rapid digitisation
of many public services, with hard-pressed local authorities unclear how to keep such systems up to date and secure, and many delaying the roll-out of security protocols to reduce operational costs.
It cited documents from the Department for Digital, Culture, Media and Sport (DCMS) stating that outside central government, 25% of public sector security leaders do not feel confident providing security training materials or sessions, and 27% of local public sector bodies find themselves with a basic technical skills gap.
Reform is urging the government to take account of these failings in the next iteration of the National Cyber Security Strategy, which will be published soon.
It called on the government to mandate National Cyber Security Centre (NCSC)
Cyber Essentials training for anyone handling sensitive information in the public sector, ranging from civil servants to clinicians, teachers and council staff.
It also wants the strategy to include strict, yearly audits, conducted at random, of local public sector bodies, and a kitemark of technology judged secure for use in the public sector.
“Our use of the internet has increased massively during the Covid-19 pandemic,” said MP Ruth Edwards, commenting on Reform’s recommendations. “Whether we are using it to stay in touch with friends and family or to shop online, the internet has provided a vital communications lifeline for many people during the lockdown. But this also leaves us more vulnerable to cyber-attacks.
“Cybercriminals are targeting individuals and companies every single day. These attacks are becoming more sophisticated and often quite difficult to spot. That is why we need to invest in training the next generation of cybersecurity practitioners.
“From coders and phishing experts to ‘white hat’ ethical hackers, we need to upskill our economy and create new jobs. Cybersecurity will be one of the most important industries worldwide in the next decade, and we can’t get left behind.”
We’re 1-fix, we can help you secure your business
At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.
Join Our Mailing List
All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.
Recent Blogs
Businesses are constantly seeking ways to enhance productivity, collaboration, and security, all whilst managing costs effectively. Microsoft Office 365 presents a comprehensive solution that caters to these needs. Here’s a breakdown of the seven key benefits of using Office 365 for your business.
In recent news from Microsoft, there’s significant information affecting charity organisations that rely on Microsoft 365 for their everyday operations. Microsoft has announced that it will be discontinuing the Microsoft 365 Business Premium grant, which currently provides 10 free licenses to nonprofits, with termination slated for March 8, 2026 . Therefore, charities currently benefitting from this grant must prepare for upcoming changes.
Staying efficient and connected has never been more important for businesses. With the increasing demand for remote work solutions and collaborative tools, migrating to Microsoft Office 365 is becoming an essential strategy. In this blog post, we’ll explore the many benefits of Office 365 migration, how 1-Fix can assist you in the process, and how swift and seamless this transition can be.
We explore the recent cyber attacks on Marks & Spencer and the Co-Op and learn how SMEs can protect themselves against rising cybersecurity risks.
Cyber Essentials 101: what every business needs to know. Thursday 8th May, 2pm
We’re absolutely delighted to share that our Client Manager, Lee , has been shortlisted for the Hidden Hero Award at the Comms Business Awards – and we couldn’t be prouder!
