By Sascha Giese, Head Geek™ at SolarWinds
When it comes to IT, much is made of the differences between public and private sector projects. People are quick to point out that the world’s most successful go-getting companies use technology to gain a competitive advantage, while the public sector is motivated by the delivery of services to citizens.
Of course, one area common to both the public and private sectors is security. At first glance, it appears bad actors don’t differentiate between dot coms and dot govs. Whether it’s people’s credit card details that are stolen—or the private medical records of patients that are filched—both suffer at the hands of those intent on doing harm.
And yet, scratch away at the surface, and it becomes clear that while both may experience the same fate, the motivation behind such attacks can help to influence the way organisations protect themselves.
This is particularly true of government agencies, for example, since they’re increasingly at risk from state-sponsored attacks.
The risk from state-sponsored attacks is real
If governments are to defend themselves against such well-funded and resourced attacks, then they need to implement increasingly sophisticated cybersecurity strategies. This includes not only understanding the threat levels but who’s behind them and what motivates them.
In other words, governments need to get tougher and smarter.
And the first thing they need to understand is that the push for increasingly convenient digital services—prompted by the ease of everyday digital services from online banking to hailing a cab—is opening a new front in the cyberwar.
As governments seek to upgrade their services to meet the needs of the ‘smartphone generation’, the disconnect between cutting-edge front-end and legacy back-end systems becomes ever more apparent.
While the private sector’s approach to such a problem might be to ‘rip it out’ and start afresh, governments—concerned about tax revenues, budgetary demands, and looming elections—tend to adopt a more cautious approach.
This means many public sector IT teams are left to stitch together the old and the new. But it’s complex. It’s challenging. And it has the potential to leave security gaps which can be exploited.
Beefing up cyber defences
That said, all these problems can be addressed. For instance, the simplest way to help IT professionals protect public sector IT infrastructure is to involve security experts much earlier in the project planning process.
Bringing in security professionals from the start allows time to research, study, and understand the risks surrounding the introduction of new technology. Only by understanding these risks upfront can you ever hope to prevent them from happening in the first place.
This approach also applies to organisations that have decided to bite the bullet and invest in new technology. The lessons they can learn from the private sector could prove invaluable, especially when dealing with taxpayers’ money.
Crucially, by adopting such an approach, public sector organisations can better understand the security risks and plan accordingly.
After all, when it comes to IT, there’s no such thing as 100% security—which is why it’s far better to focus on prevention and mitigation instead of striving for total cybersecurity protection.
Having total visibility of defences and attempted breaches is vital
The key is to improve visibility across siloed departmental systems along with improved communication between IT teams. All too often, organisations build teams in isolation based on their respective areas of expertise, which can result in a lack of communication and visibility across different departments.
Breaking down departmental silos and barriers would give IT teams an unprecedented view of an entire government’s IT environment—not merely their department—allowing them to identify issues more easily.
Of course, any increase in visibility could potentially lead to IT staff becoming overwhelmed with excess information and security alerts. However, the integration of artificial intelligence (AI) as part of a more sophisticated monitoring system could see AI becoming an increasingly valuable tool in the armoury.
As I said at the start, much is made of the differences between public and private sector projects. And yet there is much the public sector can learn from the experiences of private sector organisations.
By breaking down inter-departmental barriers and improving visibility, governments can do what’s in the best interest of their citizens—keep public services cyber-secure and personal information safe.