Creating the best cybersecurity defences for the public sector
In the public sector the risks of data breaches are vast, costing millions in halted or impacted operations, lost revenue, data recovery and more. Allied to this is the loss of integrity and reputation when personal and critical data is compromised, as well as the potential for public services, such as national electricity grids, to be disrupted. With governments holding so much sensitive data on citizens, weak data security also poses a real risk of inciting cyber-terrorism from international crime syndicates.
Public sector institutions and agencies are prone to facing three types of risks: insider threats, outsider threats and trusted computer-based threats. Within each of these categories the tactics rapidly evolve, demanding a high level of awareness and security measures.
But just what are some of the most important security considerations for public sector officials?
Ensure integrated threat management
Government institutions must address every single vector on the attack surface: an ever-growing range of threats including the likes of botnets, distributed denial of service, malware, ransomware, phishing, spyware, worms, trojan horses, hacking, viruses, session hijacking and more.
Threat detection tools should provide ‘360 degree’ visibility of all types of incidents, identifying attempted breaches as they happen in real-time. This analysis should encompass all physical and industrial assets, end-point devices, networks, perimeter and access control points, vulnerability and penetration management, and compliance with standards and regulations.
Such an integrated approach should always leverage security best-practices and technologies that fit within the risk profile of an organisation as well as remain adaptable over time.
Physical security remains a key consideration
Physical security should be part and parcel of one’s integrated approach, as breaches within offices, data centres or endpoint assets such as smartphones, laptops and flash drives can be just as devastating as cyber-attacks.
Physical security should incorporate everything from manned security and perimeter control, to biometrics and surveillance. To further tighten controls, government institutions should leverage encryption to ensure that data contained on physical assets is inaccessible and unusable.
At the same time, the data should be backed up and remain available to authorised parties, to ensure that data is not simply lost in the event of physical hardware being stolen or destroyed.
Frameworks and standards
Government departments should use information security and governance frameworks which align with the principles of the Public Sector Risk Management Framework: a policy designed to guide the way departments manage risks (including the risk of data breaches).
Security standards should also consider the type of government institution in question: the Revenue Service would need to take into account the various data governance rules that cover the handling of financial data, while a department like Home Affairs would need to adhere to the Protection of Personal Information (POPI) Act. Institutions should also follow the evolution of the underlying security technology, such as cryptography and encryption standards, and adopt or change them in line with the latest developments. For example, the US Government adopted the elliptic curve cryptographic standard in the 1990s, moving away from RSA (Rivest–Shamir–Adleman) cryptography; in recent years, however, it has moved away from elliptic curve cryptography toward post-quantum computing.
Certain overarching frameworks – such as ISO27000, and the National Institute of Standards and Technology – are non-negotiables, always guiding information security in any public sector institution.
Tread wisely with Cloud migration
Cloud security solutions offer a number of benefits to public sector organisations, allowing them to benefit from the very latest defence technology, to easily integrate different security tools to create a customised suite of protection services, and to only pay for the security services that they actually use.
With Cloud Service providers investing in the infrastructure instead of the customer, capital expenditure is minimised, allowing government departments to redeploy funds to core competencies and enhanced e-government service delivery.
Cloud solutions may not be the silver bullet for all data warehousing, backup, recovery and security needs. In high security environments, highly sensitive data resides in on-premise infrastructure with high levels of encryption and physical security.
Ultimately, public sector organisations must remain acutely aware that cyber-criminals are sophisticated professionals, hell-bent on stealing intellectual property and destabilising government operations. As these dark forces never stop experimenting and evolving, it is imperative for institutions to stay ahead of the curve in the race to innovate and protect critical information.
Sanjay Vaid, Director, Cybersecurity and Risk Services-Africa, Continental Europe, Wipro Limited