10 Oct 2023
by Nathan Tittensor

Fortifying the frontlines - Elevating cyber resilience in the public sector amidst advanced threats and skills gaps

Guest blog by Nathan Tittensor, Director at tmc3 Limited #techUKCyber2023

Being responsible for critical infrastructure and/or highly sensitive data puts public sector organisations at uniquely high risk from the most advanced cyber threats. In an era of dizzying technological advancements and profound geopolitical shifts, increasing cyber resilience in the public sector is vital.

With state-sponsored actors and sophisticated cybercriminals increasingly targeting public sector entities, a solely preventative approach to cyber security is no longer viable. Here's a detailed look at how public sector organisations can boost their cyber resilience proactively.

Taking an “Assume Breach” Mindset

The most advanced threat groups and threat actors pour significant time and resources into breaching prized targets like public sector organisations. Attackers exploited 55 zero-day flaws in 2022 alone—these vulnerabilities, for which there is no patch, trade for hundreds of thousands of pounds on dark web marketplaces and private hacker forums. Nation states allocate significant chunks of their cyber security budgets to offensive security programs that often target public sector bodies in other countries.

The assume breach mindset starts out by recognising that keeping all adversaries out is impractical given the current threat landscape. Instead of adding more preventative controls to keep out the threat du jour, you take the mindset that your defences are going to inevitably get breached. From this starting point, the challenge then becomes limiting the impact of a successful cyber attack.

Some central tenets of the assume breach mindset are:

  • Accepting reality by recognising that even the most fortified systems may have vulnerabilities. This understanding helps public sector entities prioritise detection and response, not just prevention.
  • Using the belief that a breach can occur anytime to ensure continuous, real-time monitoring of network environments for early anomaly detection and swift mitigation.
  • Creating robust incident response protocols that kick in the moment you detect a breach or anomaly to limit the damage.
  • Preemptively dealing with availability or integrity-based issues through effective business continuity planning and disaster recovery solutions.
  • Encrypting sensitive data assets at rest and in transit to ensure that even if adversaries access data, they can't understand or use it.

The Link to Zero Trust

The "assume breach" mindset naturally leads to the adoption of zero trust security. If public sector organisations operate under the assumption that a breach is inevitable, then they must also assume that anyone, whether inside or outside the organisation, could potentially be compromised. Joe Biden’s May 2021 Executive Order set the tone in the US for federal government departments to move towards a zero trust architecture in recognition of today’s dynamic and increasingly sophisticated cyber threat environment in which merely trying to keep out the bad guys doesn’t suffice.

So, how does a zero trust approach improve resilience in the public sector?

The first point is that zero trust addresses attacks where bypassing perimeter controls, such as the login for a user’s account, leads to unrestricted access to internal resources. By removing inherent trust from any device or user and validating each access request, unrestricted access becomes far more challenging.  Zero trust also uses dynamic risk assessments. For example, if a user's behaviour suddenly changes (like accessing files they've never accessed before), the system can revoke or limit their access in real-time.

Micro-segmentation is a key principle of zero trust that divides the network into multiple zones, limits traffic flow between them, and requires separate authentication per zone. So, even if attackers breach a segment of the network, zero trust’s micro-segmentation ensures that they can't easily move laterally. This segmentation also helps protect legacy public sector systems that might be hard to upgrade by isolating and restricting access to them.

Addressing Cyber Skills Gaps in the Public Sector

The public sector's challenges in cyber security aren't only technological; they are significantly impacted by human factors, including knowledge gaps and staffing challenges. Public sector entities often have salary caps or strict budgetary constraints that prevent them from offering competitive salaries compared to the private sector.

Cyber security professionals, given their high demand, can command substantial salaries in private firms or tech companies. As a result, the public sector often struggles to attract or retain top talent. One recent report highlighted a 30 per cent of public bodies have advanced cyber skills gaps, which is not ideal given they are more likely to face advanced cyber threats.

Even when the public sector manages to train or develop skilled cyber security professionals, there's a tendency for these individuals to migrate to private sector roles once they've gained adequate experience. The allure of higher salaries, better perks, and sometimes, more advanced technological environments can be hard to resist.

Partnering with a seasoned cyber security services firm not only bridges this skills gap but also equips public entities with advanced tools and methodologies. The desirability of outsourcing is reflected in the trends which show that 52 per cent of public sector organisations outsource some element of cyber security (compared with 33 per cent in the private sector).

In particular, public sector organisations should look for services based on preparing for, responding to, and recovering from the inevitable attacks that result in compromises. A trusted cyber security partner can elevate the public sector's resilience to safeguard both infrastructure and the vast amounts of sensitive data it handles.

In Conclusion

For public sector organisations that are constantly under the microscope of sophisticated threat actors, embracing the "assume breach" mindset and integrating the principles of zero trust into their cyber security strategy help to improve cyber resilience. Layering private sector partnerships on top of those strategies to address skills gaps will further strengthen resilience.


techUK’s Cyber Security Week 2023 #techUKCyber2023

The Cyber Programme team are delighted to be hosting our annual Cyber Security Week between 9-13 October.

Click here to read all the insights

Join us for these events!

11 October 2023

Cyber Innovation Den 2023

Central London Conference

Cyber Security Programme

The Cyber Security Programme provides a channel for our industry to engage with commercial and government partners to support growth in this vital sector, which underpins and enables all organisations. The programme brings together industry and government to overcome the joint challenges the sector faces and to pursue key opportunities to ensure the UK remains a leading cyber nation, including on issues such as the developing threat, bridging the skills gap and secure-by-design.

Learn more

Join techUK's Cyber Security SME Forum

Our new group will keep techUK members updated on the latest news and views from across the Cyber security landscape. The group will also spotlight events and engagement opportunities for members to get involved in.

Join here

Upcoming Cyber Security events

Cyber Security updates

Sign-up to get the latest updates and opportunities from our Cyber Security programme.

 

 

 

 

Related topics

Authors

Nathan Tittensor

Nathan Tittensor

Director, tmc3 Limited