Public Sector Cybersecurity – The Stats – Infographic
Data security incidents have been a regular feature of the news this year, particularly those affecting the public sector. In May 2017 the WannaCry ransomware attack was widely reported to have spread throughout the NHS’s internal network, causing disruption for staff and patients alike.
The NHS was not the only victim of this attack – Telefónica in Spain; FedEx; Nissan; Russian banks and telecom providers; and the German railway system were amongst many other victims. However, the attack on the NHS was another high-profile example of how public sector organisations are vulnerable. The UK health sector saw a 278% increase in cyber incidents in 2016, and was the largest reporter of data breach incidents in 2015-2016 to the ICO.
Increasing Cybersecurity Threats for the Public Sector
The infographic below shows that the NHS is not the only public sector organisation to have reported cyber and data security incidents to the ICO in recent years. As public sector IT networks have become increasingly dynamic to support digital transformation, the risk of ransomware, malware and other cyber attacks has also increased.
No one is truly safe, and as WannaCry demonstrates, cyber attacks are not always specifically targeted at an organisation, but can also come indirectly from software vendors and third-party providers.
It is interesting to note that although the NHS was a high-profile victim of ransomware in May 2017, NHS trusts have reported fewer ransomware attacks in 2017 than in 2016. Attacks in 2016 affected more hospitals and healthcare settings but received less media coverage. Preventative measures such as more robust cyber security policies, education and more awareness of the threats may be having a positive impact in this area.
While digital transformation is making it easier for hackers and cyber criminals to breach an organisation’s defences, it also provides the tools to protect against and prevent attacks. The issue for many public sector organisations is that security is often bolted on rather than being an integral part of any digital transformation programme.
When selecting digital solutions to drive efficiencies and service people in new and innovative ways, public sector organisations should be looking to partner with providers that have security at the core of their products or services.
Reducing Compliance Burdens and Increasing Security
Online payments are a good example of how digital providers can support internal cyber security policies and add value by providing solutions that reduce the risk of data breaches and other incidents.
While public sector organisations have to securely store information about their users – names, contact details, and information pertaining to the services being used – it is possible to remove sensitive data such as financial details (credit or debit card information etc.) from an organisation’s data protection scope. This allows public sector organisations to offer their users convenient and secure ways to pay for services, without increasing their compliance burden.
More information on card store and tokenisation – the technology that allows organisations to reduce their PCI DSS compliance costs – can be found here.