Public authorities should not begin with technology when assessing their cyber posture, writes UKCloud account director Chris Wright.
Cyber security is about more than just securing the technology within an organisation. It is about people, processes and the exchange of data with partner agencies - a landscape that is becoming increasingly complex and subsequently making cyber management more challenging.
It is an issue that UKCloud has been addressing in depth over recent years, identifying the core factors that influence a public authority’s cyber posture and finding that, contrary to the popular assumption, the starting point is not in the technology.
Efforts to strengthen an organisation’s cyber capability involve three main elements in addition to the choices for cyber security technology: the wider organisation technology choices, the people, and the processes within that organisation. There is no silver bullet in the choice of technology or the approach; all factors have to be carefully aligned, and making that possible takes leadership and expertise.
As the public sector adopts more digital systems and cloud services, and with attacks aimed at both local networks and individual devices, the task of staying cyber safe is becoming more difficult.
The crucial first step to dealing with this, however, is establishing what data the organisation has - where it resides, who owns it, what its vulnerabilities are, and what the impact of a breach would be.
Trackability and context
This data mapping provides a baseline for trackability and helps to provide a context for threats to the data. Flagging up the risks of a breach, and its likely consequences, to data owners can prompt them into a sense of urgency, win their support for an investment and help to define the budget.
It is part of the good asset management which is essential in creating an effective cyber programme.
There are also significant tools that can support the effort. One of the most important is the Cyber Assessment Framework, developed by the National Cyber Security Council, through which public service providers can identify any weaknesses in need of urgent remedies. It can be used to drive procurement, initially looking for the areas where the spending can have the biggest impact at the lowest cost.
Following this, there are three principles that should shape the response to any cyber-attacks that take place. The first is to know when you are being attacked, what type of attack it is and where on the network it is happening. Then comes the priority of dealing with it immediately, which requires knowing who is responsible, who is reacting to an incident and ensuring there is sufficient out-of-hours cover.
After the event you have to establish what happened to your data, what - if any - was lost, who was affected by it, who has to explain the situation and whether the gap has been plugged.
Secure by design
Beyond this is the need to aim for ‘secure by design’, in which every change to a network or implementation of a new system should be designed to be secure, simple to monitor, easy to recover and resilient. The key factor is making it possible to react swiftly to any intrusions or suspicious behaviour, arrest the attack and get things running again.
The UKCloud approach does not begin with looking at the technology solution, but with working with an organisation to see if it fully understands the threats. It helps to identify the location of the data assets and their vulnerabilities, runs playbooks on the common types of cyber-attack and how to protect against them, and sees the organisation through the analysis of any incidents it has endured.
It also helps them to look at their security policies, taking in issues such as whether, in the event of an incident, anyone in the IT department can disable individual computers, remove a device or individual from the network, or even turn off the network while the danger remains.
Along with this is an assessment of the overall level of cyber maturity. There are times when this is lower than the organisation initially believed, in which case the company can provide mentoring to help work on the cyber strategy.
Then comes the talk about technology and tools. There is a capability matrix that involves a wide range of technologies and processes, such as network and asset mapping, threat intelligence, network intrusion detection, network behaviour analysis, deep packet inspection and remote user visibility. These come with a recognition that every organisation has its own dynamic and will therefore require its own combination of these tools.
Cloud capability
UKCloud offers the public sector a cloud-hosted cyber security capability as-a-service in the form of CloudSOC. This provides end-to-end protection for applications, networks, endpoints and cloud connections using solutions from a range of partners, and is continually iterated to ensure that it can detect the latest threats and defend an organisation from them.
There is also scope to either allow UKCloud’s experts to monitor activity and advise on responses, or for you to do it in-house - alternatively we can develop a hybrid model to support internal teams. Overall, CloudSOC provides maximum visibility of the activity on a digital estate – extending to community networks, dedicated links and internet services – as a crucial element of a cyber security posture.
This is becoming increasingly important as organisations step up their collaboration with others, often sharing highly sensitive information, and attacks can appear from anywhere in a wide and complex data landscape. Public authorities need the capability to continually monitor this and lay plans for a swift and effective response to any attacks.
Chris Wright recently spoke at UKAuthority Cyber4Good.