The UK government should look to widen its promotion of initiatives such as the Cyber Essentials Scheme in order to address concerns surrounding the adoption of good cyber security practices within the public sector, says Oscar Arean, technical operations manager of Databarracks.
The recent report update to the National Cyber Security Programme has made good progress in seeking to understand sophisticated cyber threats. Even so, it observes a “varied understanding of threats to wider public services.”
The findings from this correlates with evidence from Databarracks’ recent Data Health Check survey of over 400 IT professionals in the UK, which reported that public services were the group most likely to have been hit by a cyber threat. 46 percent of organisations surveyed reported an incident in the previous 12 months. To give that some perspective, that compares to 42 percent of financial organisations and only 30 percent of technology organisations.
Arean states it is therefore imperative that initiatives designed to address cyber security are more widely communicated:
“It’s not surprising that the central government is leading the public sector in terms cyber security practices. For large public bodies or even private businesses, the risk is higher, and they are the organisations with the resources able to protect themselves. For smaller organisations or departments, they have less resources, and it has perhaps been less of a priority until now. The growing risk of a cyber attack means we’re at a point now where we all need to be prepared. Organisations of all sizes need practical advice on how to protect themselves.
“To address this, the UK government already has a great tool in place to solve this issue – the Cyber Essentials Scheme. The scheme has only recently been launched and isn’t mentioned in great detail in the report, but it’s specifically designed to help organisations protect themselves against the UK’s most common cyber attacks. It solves a specific issue for private sector SMEs who may not have any dedicated IT staff, but actually it is equally valid for public sector organisations.
“We expect to see a big increase in the scheme’s uptake over the next few months as it becomes a prerequisite for companies tendering for public sector projects. If the government can successfully promote the scheme to those wider public services outside Whitehall, then not only will it improve understanding and awareness of cyber security, but it will also help deliver value for money by extending the principles of the existing scheme to the public sector.
“If it’s a good idea to make private sector suppliers for the UK government meet the Cyber Essentials security standard, then surely it’s an equally good idea to ensure our public services have the same level of protection from cyber attacks,” concluded Arean.
Databarracks provides secure, Infrastructure as a Service, Backup as a Service and Disaster Recovery as a Service from UK-based, ex-military data centres. Databarracks is certified by the Cloud Industry Forum, ISO 27001 certified for Information Security and has been selected as a provider to the G-Cloud framework. For more information, please visit www.databarracks.com.