G-Cloud suppliers must get into a national security mind-set
Public sector data is now a daily target by foreign actors, according to the Chancellor of the Exchequer Philip Hammond’s recent speech at the opening of the National Cyber Security Centre (NCSC).
This means that G-Cloud suppliers to government need to adopt an appropriate culture of security if they are to prevent becoming the weak link, says Kevin Timms, COO and co-founder of managed services provider Streamwire.
According to Ciarin Martin, head of the new NCSC, the UK has been hit with 188 attacks that have threatened national security in the last three months alone, with public sector organisations facing the brunt of it. A Freedom of Information (FOI) request issued by Secure Cloudlink to London councils further highlighted the adversity facing the public sector, with 64 per cent of organisations suffering a data breach in the past four years.
Kevin Timms said: “With cyber attacks now a regular occurrence and some posing severe threats to state-security, the whole supply chain needs to take a serious look at their current security systems and practices. Data security for companies on the G-Cloud can’t be just a tick against compliance metrics. A proactive culture of thinking in terms of national security – that the data you are entrusted with is being looked at as a target by foreign governments or organisations who mean our country harm, is now needed. Employees within an organisation need to be aware of the online threat and be in a better place to tackle the risks.
“The significance and power of data has grown so fast that it is sometimes hard for everyone in an organisation to grasp quite how important it is. So, when the government starts to use terms like cyber warfare with regularity, then suppliers that look after any type of public sector data need to get into a new mind-set. It’s not just about building a bigger firewall, and technology can only go so far to protect data. Ultimately, it comes down to employees and how they behave, how they handle data on behalf of their customers.
“Conducting a full IT security audit can help to mitigate security risks. The results from this analysis can help remove complacency of existing cyber security systems, and also indicate whether possible legacy systems are still able to handle modern-day threats. Additionally, the audit has the ability to analyse where the vulnerabilities are across all areas of interest, including physical network access, server systems, physical access, and human behaviour, thus providing a clearer picture to make improvements.”
Professional Security – http://www.professionalsecurity.co.uk/products/cyber/culture-call/