Keiron Holyome, VP UKI, Eastern Europe, Middle East and Africa at BlackBerry discusses cyberattacks and the public sector

How are cyberattacks evolving? And how significant is the threat of cyber warfare?

“Cyberattacks are becoming more sophisticated and severe, as shown in our latest 2022 Threat Report. Threat actors now possess the tools once thought to be solely the domain of nation-state attackers, allowing them to carry out more frequent, skilful and targeted attacks. As such, the danger against the UK’s government departments and public infrastructure is at an all-time high.

“For the public sector specifically, the key is strengthening cyber defences and maintaining citizen operations around the clock, which calls for organisations to make significant investments in sophisticated tools and highly skilled staff. Yet, the public sector often finds its IT staff are stretched thin or not sufficiently equipped with the specialist knowledge and tools to manage complex security technologies.

‘A 24×7 monitoring and mitigation managed extended detection and response (XDR) could be the missing link’

“A 24×7 monitoring and mitigation managed extended detection and response (XDR) – a cybersecurity approach that collects and analyses data from multiple sources to predict, prevent, discover and respond to cyberattacks – could be the missing link for public organisations, which are frequent targets for cyberattacks with the potential for widespread damage.”

What organisations are most at risk from cyberattacks in the public sector?

“The cyberattacks we have seen so far that appear to be linked to the Russia/Ukraine conflict confirm that no industry, institution, or state is immune. However, government departments are a particularly attractive target for both state-sponsored and financially motivated attacks due to their access to sensitive information. Ongoing attacks against Montenegro’s government headquarters is a recent example of this, crippling their critical infrastructure including banking, water and electricity power systems.

‘No industry, institution, or state is immune from cyberattacks’

“Closer to home, Hackney Council in London is reported to have spent two years and over £12 million recovering from a ransomware attack that crippled its local government operations and resulted in sensitive citizen information being published on the dark web.  Education and healthcare facilities are also prime targets for the wealth of sensitive information that flows around the organisation. These organisations, amongst others, also regularly engage third-party contractors, which exponentially increases their threat landscape.

“Furthermore, government departments are often pressured to do more with less, operating in fast-paced environments and working under continuous stress. Staff are compelled to make quick decisions and can fall victim to social engineering “muscle memory” attacks.”

How can public organisations better protect themselves?

“All of this reinforces the need for organisations to think about the triumvirate of people, process and technology. Educating staff to spot and report potential threats, and establishing and maintaining processes for diligently auditing and managing the software supply chain will tackle two of the leading causes of cyberattacks.

“We would also recommend that public organisations aim to be more proactive – and less reactive – in their cybersecurity strategy. This means deploying threat-informed defence technologies and managed services to counter pervading skills and resourcing challenges that create gaps to be exploited by bad actors.”

“Public organisations and government institutions need to choose security partners that are equally innovative, using advanced technologies such as artificial intelligence and machine learning to remove blind spots faster and with the same rigour as our adversaries seek them. By building up a strong bastion of preventative security, UK organisations can increase their resilience in the face of global cyber threat and warfare.”

 

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here