Collaboration the way forward for government cybersecurity?

Report on government cyber security shows phishing, remote working and election security are common concerns.

  • 3 years ago Posted in

Nominet has released the findings of its report, Taking the Pulse of Government Cybersecurity 2020, which surveys government cyber security professionals in the US, UK and Middle East. The research was conducted by the Information Security Media Group and shows a clear perception that collaboration with the private sector is desirable in order to keep pace with change and innovation to ensure robust national cyber defence.

The importance of collaboration between public and private sector

The survey revealed that government cyber security leaders wish to work more closely with the private sector in order to keep pace with cyber threats:

  • 65 percent of government respondents thought the pace of change was too slow in comparison to enterprise and 81 percent believed that a slow pace of change can negatively impact national cyber defence

  • 81 percent also believed that collaboration with the private sector could improve the pace of change

  • 99 percent of respondents said they could learn about innovation from tech and private sector companies and only 22 percent said that they are more cyber secure than most private-sector entities

David Carroll, MD of Nominet NTX commented:

“The appetite for more collaboration between the private and public sector across US, UK and Middle Eastern governments is a great testament to the results already achieved by these sorts of projects. Take Active Cyber Defence and the Cyber Security Information Sharing Partnership (CiSP) in the UK to name a couple. It does beg the question, however, of ‘what more should we be doing?’ If those within government are still keen to move the needle and they feel that industry can help them, we need to be doing more to facilitate an environment where this can take place.

“Much of this is about taking joint responsibility across industry and government for cyber security projects. Whether it is nurturing talent and ideas across public and private sector spheres or investment in accelerators and initiatives that bring together the best minds in cyber to protect us. By working together we limit risk and achieve more, so we should make it a priority to be looking for those opportunities and removing obstacles that might be standing in their way. The old adage ‘it takes a village’ could never be truer.”

The biggest security threats facing the government

The research also gave an indication of some of the government sector’s greatest cyber security concerns and how they would like to see these addressed:

  • 45 percent said phishing poses the biggest risk to government cyber defence overall

  • The highest ranked risk specifically for 2020 was remote working (34 percent). Three quarters of respondents felt their agency is more susceptible to cyberattack when the workforce is working remotely

  • The top choice for more investment in cyber security was in broad solutions that provide a layer of defence (51 percent)

While you might have expected governments to have very specific, nation-state related concerns, its highest priorities are also the most common threats facing the enterprise sector,” commented Carroll. “Phishing attacks are almost 30 percentage points above the next greatest threat, much-publicised ransomware attacks (16 percent), and state-sponsored actors ranked even lower (14 percent). Government security professional’s desire for layered defence suggests that they want a solution for the most common threats such as phishing, what we would call cyber hygiene, so they can focus on the less common but more specific and dangerous attacks.”

One security concern specific to governments is the risk to elections. Perhaps unsurprisingly, in the context of the UK’s recent report into attempted Russian interference with elections, 71 percent believe the outcome of elections could be impacted by cyber threats in 2020. The top two election security-related concerns are fake news/dissemination of misinformation (44 percent) and a lack of trust in the democratic process (30 percent).

“In order to tackle both common, persistent threats like phishing and specific, targeted threats like election interference requires large-scale, national protective interventions to bring citizens, businesses and economies a more secure environment. The aim should be both breadth and depth. The departments, agencies, committees most at risk of attack have to have in-depth levels of security and procedure to protect the most important assets. However, there also needs to be a breadth of security across government on a local level, which is consistent, cohesive and coordinated from the top so there are no weak spots for threat groups to exploit. Not only will this facilitate a stronger security posture but also more opportunities for collaboration to mitigate attacks against governments,” Carroll concluded.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and operational cloud services that is unique on the market, enabling clients across the world to meet the challenges of managing their data in the edge to cloud continuum, in line with the highest jurisdictional data governance requirements. Part of the Atos' OneCloud initiative, Atos OneCloud Sovereign Shield is a comprehensive edge to cloud platform ecosystem and highly secure service that improves the level of control clients have over the data they produce and exchange, helping them regain control and effectively deal with legal dependencies.
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets across Europe with further expansion into APAC planned.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability.