Sascha Giese, Head Geek™ at SolarWinds, explains how US cybersecurity trends could help the UK navigate future threats
The US has been a frequent target of cybersecurity threats, and attacks have continued to surge: US ransomware attacks targeting local and county governments increased 196% between 2018 and 2019.
Mirroring the US trends, the UK has experienced impactful breaches in recent years, with the Foreign Office targeted by a serious cybersecurity incident costing nearly £500,000. In fact, 40% of the 777 incidents managed by the National Cyber Security Centre between September 2020 and August 2021 were aimed at the public sector.
In the changing geopolitical landscape, UK public sector digital leaders can learn valuable lessons from the US’s incident trends and its handling of emerging threats to protect their assets.
Threat intelligence informing cybersecurity and strategy
Understanding the increasing intelligence, behaviour, and tactics of hackers can help build proactive strategies to counter threats. Cybercriminals continue to adapt their working practices to exploit the shift to hybrid working, targeting organisations’ supply chains and network links to achieve maximum disruption.
Recent research into US public sector cybersecurity risks highlights some critical emerging changes, with external attacks surging ahead of internal threats for the first time in five years. The findings show that the primary source of external security risk is believed to be the general hacking community (56%), closely followed by unwitting and ignorant staff (52%) and foreign governments (47%). Remarkably, foreign governments (56%) account for the most significant increase in concern for public sector respondents.
Due to the complex nature of the public sector, the perspectives around risk are far from typical. For instance, US state and local governments (63%) are more likely to be concerned about the threat of the general hacking community than other public sector groups. Conversely, Federal civilian agency respondents (58%) are more likely to perceive security-ignorant insiders as a threat compared to the defence community (41%).
Less surprisingly, defence respondents (68%) are the most likely to perceive foreign governments as a potential cybersecurity threat, compared with civilian (53%), state and local government (46%), and education (25%) respondents.
Changing concerns for cybersecurity threat types today
When asked about specific types of security breaches, the public sector’s level of concern over ransomware (66%), malware (65%), and phishing (63%) was the highest last year. However, it’s taking longer to identify and resolve breaches, as 60% of respondents claimed detection and resolution time either remained the same or worsened between 2020 and 2021.
Some key reasons for this included a lack of training (40%) and lean budgets and resources (37%). The new work-from-anywhere workstyle also caused security concerns within the public sector, with 32% noting the expanded perimeter as a key reason for poor detection and resolution. Insufficient data collection and monitoring was also viewed by 31% of professionals as a key setback for early threat detection. Local governments, at 25%, are half as likely as state government respondents (50%) to view budget constraints as an obstacle to maintaining or improving IT security.
Using technology to fight cybercrime in the public and private sector
The ways in which US public sector organisations are strategising to minimise security challenges influence public sector organisations across the world. The 2021 US Cybersecurity Executive Order shows that the top-ranking compliance priorities are improving investigative and remediation capabilities and breaking down the barriers that keep the public and private sectors from collaborating on threat intelligence.
The security best practices directed in the executive order focus on data classification, directing agencies to identify their most sensitive data sets and use the information to prioritise implementing protections such as multi-factor authentication, encryption, and enhanced security logging to protect them better. Migration of their applications and systems to secure cloud services is also a priority. The UK Government’s own 2022 Government Cyber Security Strategy: Building a cyber resilient public sector mirrors this approach.
Security strategy has stepped up a gear, with over 75% of US public sector respondents taking a zero-trust approach (whether formally or informally implemented). Additionally, 70% are already adopting the principle of least privilege (PoLP) or plan to within the following year. Investment in IT security solutions over the next year is set to increase, with 77% of respondents prioritising network security software, and the infrastructure priorities of replacing legacy applications (60%) and migrating to the cloud (60%) also ranking highly.
With evolving cybersecurity challenges for public sector organisations in the US and the UK, authorities in both markets are dedicated to building a coordinated response to strengthen their security posture. UK public sector cybersecurity leaders cannot afford to overlook the sharing and understanding of US security incident experiences, insight, and trends that could help them stay ahead of increasingly sophisticated threat actors and keep enemies at bay.