Blog Layout
Public sector security failings leave UK at risk, says think tank
Leo Daniels • November 2, 2020
This is a subtitle for your new post
The pandemic-driven surge in remote working
since March is exacerbating pre-existing vulnerabilities and highlighting the parlous state of cybersecurity in the UK’s public sector, according to a new report
compiled for think tank Reform
– which advocates the reform of public services – alongside IT services provider DXC Technologies.
The report noted a spike in cyberattacks against public sector bodies across Europe and said this should prompt fears over the “patchwork” nature of cybersecurity in the UK’s public sector.
“Hospitals running on outdated systems and minimal awareness of cyber threats, particularly among the local government workforce, is a recipe for disaster which ministers urgently need to address,” said Eleonora Harwich, report co-author and research director at Reform.
“The resilience of our public services has already been tested to an unprecedented degree since the start of the pandemic. A WannaCry-level attack now would be devastating, literally putting lives at risk.”
Reform is concerned that what it terms “inadequacies” in public sector security, coupled with the impact of the Covid-19 pandemic, increases the likelihood of another large-scale cyber attack similar to WannaCry, which impacted 80 NHS trusts in 2017 and ended up costing the health service
over £90m.
It said that although new guidelines have been set around security since WannaCry, and some improvements made, the NHS in particular still relies too heavily on outdated operating systems. From publicly available data, it inferred that the health service may have up to 150,000 systems still running Windows 7, for example.
Reform’s report also said poor resilience in local government was becoming an increasingly acute concern, again because the pandemic has forced the rapid digitisation
of many public services, with hard-pressed local authorities unclear how to keep such systems up to date and secure, and many delaying the roll-out of security protocols to reduce operational costs.
It cited documents from the Department for Digital, Culture, Media and Sport (DCMS) stating that outside central government, 25% of public sector security leaders do not feel confident providing security training materials or sessions, and 27% of local public sector bodies find themselves with a basic technical skills gap.
Reform is urging the government to take account of these failings in the next iteration of the National Cyber Security Strategy, which will be published soon.
It called on the government to mandate National Cyber Security Centre (NCSC)
Cyber Essentials training for anyone handling sensitive information in the public sector, ranging from civil servants to clinicians, teachers and council staff.
It also wants the strategy to include strict, yearly audits, conducted at random, of local public sector bodies, and a kitemark of technology judged secure for use in the public sector.
“Our use of the internet has increased massively during the Covid-19 pandemic,” said MP Ruth Edwards, commenting on Reform’s recommendations. “Whether we are using it to stay in touch with friends and family or to shop online, the internet has provided a vital communications lifeline for many people during the lockdown. But this also leaves us more vulnerable to cyber-attacks.
“Cybercriminals are targeting individuals and companies every single day. These attacks are becoming more sophisticated and often quite difficult to spot. That is why we need to invest in training the next generation of cybersecurity practitioners.
“From coders and phishing experts to ‘white hat’ ethical hackers, we need to upskill our economy and create new jobs. Cybersecurity will be one of the most important industries worldwide in the next decade, and we can’t get left behind.”
We’re 1-fix, we can help you secure your business
At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.
Join Our Mailing List
All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.
Recent Blogs
Data loss can occur due to various reasons, including hardware failures, cyberattacks, natural disasters, and human error. To protect your business from these risks, it's crucial to implement a strong data backup and security strategy.
While technology is essential for a successful business, it can also be a significant expense. Fortunately, there are several strategies you can implement to reduce IT costs without compromising on quality or performance.
Businesses are constantly faced with decisions about how to best manage their IT infrastructure. One of the most significant choices is whether to adopt cloud services or stick with on-premises solutions. Both options have their advantages and drawbacks, and the right choice depends on your business's specific needs and goals. Let's explore the key differences between cloud services and on-premises solutions to help you make an informed decision.
Nowadays, businesses rely heavily on technology to operate efficiently and stay competitive. However, with the increasing dependence on IT systems, businesses also face a myriad of IT issues that can disrupt operations and impact productivity.
One of the most effective tools to protect your business against cyber attacks is a password manager. But what exactly is a password manager, how does it work, and why is it essential for your business?
One of the most effective ways to protect your organisation from cyber threats is through Security Awareness Training. But what exactly is Security Awareness Training, how does it work, and why is it essential for your business? Let's explore these questions with a focus on KnowBe4, a leading platform in this field.
Get in Touch
Fill in this form to contact us and we'll get back to you ASAP (same working day where possible):
Contact Us
1-Fix Limited
Company Registration Number: 06543233
Registered address:
1-Fix Limited
1F02 Arena Business Centre, 100 Berkshire Place, Winnersh Triangle, Wokingham, Berkshire RG41 5RD
