3 Ways the UK public sector can improve security in order to enhance service delivery
From healthcare and education to housing, transport, energy, and so much more, governmental departments across the UK are the critical components of the country’s democratic system which ensures continued good governance through the dispensations of services that meet citizens' needs while representing their interests.
Alongside extraordinary financial challenges, the local government sector has had to grapple with a quickly-changing environment brought on by the disruption of the pandemic, rising geopolitical tensions, and a rapidly digitizing global society. This has driven the need for the digital transformation of the UK’s public sector in order to not only keep pace with the shifting landscape, but also take advantage of the opportunities that emerging technologies have to offer in improving efficiencies and enhancing service delivery.
For example, despite the fact that the UK government had more than 1 800 websites available to citizens in 2010, they still found it difficult to interact with the government online and find the necessary information they needed. Today, the establishment of GOV.UK as a single online home for citizens to interact with the state has improved the direct connection between government departments and authorities and ordinary citizens.
The transformation of government agencies is therefore demonstrably important to facilitate its ability to enable a better quality of life for citizens as technology is a powerful enabler that can help to support better decision-making, ensure the efficient use of resources, promote innovation and inclusion, strengthen transparency and accountability and build a better relationship between the government and its people.
But, as the UK government tries to move towards digitally transforming its governance processes and systems, this shift is introducing a number of new risks and vulnerabilities that could impact their ability to provide service delivery effectively if these vulnerabilities are exploited.
As cyber attacks and threats continue to rise exponentially across the globe, malicious actors are increasingly targeting the public sector as government agencies are responsible for key infrastructure that forms the backbone of the systems that run the country while also storing, generating and processing massive amounts of sensitive data. Cybercriminals can therefore take advantage of any vulnerabilities as a way to either cripple this vital infrastructure or hold it hostage for ransom. In fact, 40 percent of cyber incidents from 2020 to 2021 either directly targeted or affected the UK’s public sector.
While the government embarked on its new Cyber Security Strategy to create a more cyber resilient public sector, protect key assets and citizen data, and ensure the uninterrupted delivery of vital services just last year, government departments across the country - particularly at a local level such as town or county councils -- are currently not fully equipped or underprepared to deal with the increasing sophistication of cybercriminals. However, there are a few simple things that the government can do to maintain a secure digital environment as they increase the efficiency and effectiveness of vital services to citizens.
Employing third party security
It may sound obvious, but outsourcing cybersecurity protection is the easiest/quickest way for the public sector to secure itself from an attack. Companies all over the world have built up their expertise to precisely and efficiently prevent attacks and breaches before they occur.
By looking to established, robust and trusted security solutions, government agencies even at a local level will be able to help protect critical infrastructure and information and ensure privacy and compliance. Strong cybersecurity can help to prevent data loss, especially as government departments share critical information with one another during collaborative projects that enhance service delivery.
Training public servants to reduce risk of a breach
Often the most common vulnerabilities in a cyber attack are not within the digital sphere at all. In fact, it is the people making use of the applications, software and systems which malicious actors gain access through.
However, regular training and exercises for government workers will ensure they are up to date with the latest software and risk by helping them understand how to recognize any risks or potential threats and know what to do once they have identified them. One example of these types of threats are phishing campaigns, which are quite simple in most cases but surprisingly effective in untrained employees.
Maintaining a commitment to privacy and security
Building and enforcing a culture that puts security first will be key to helping combat cyber risks before they become a threat, enabling every single government worker to share responsibility for security, and ultimately help reduce risks.
It is also vital that the public sector set clear standards and processes to assess, prepare for and mitigate security risks in a way that is tailored to the unique vulnerabilities and threats that each department, agency or organization faces as well as the potential impact that a successful attack could have.
This will not only create a more secure and resilient public sector, but also help to facilitate public trust in government departments and agencies which is foundational to achieving better relationships with citizens and providing them with improved service delivery. Currently, public trust in the UK government is down, with 49 percent of the population noting that they did not trust the national government and only 35 percent reporting that they do.
More than this, innovation in service delivery is simply reliant on security. The potential benefits of improved service delivery enhanced by technology is immense, but without robust security, cyber risks will continue to pose a unique and heightened threat to the efficient delivery of key services across the country.
Image Credit: donscarpo / depositphotos.com
JP Perez-Etchegoyen is CTO of Onapsis, a leading global cybersecurity and vulnerability management firm which provides cybersecurity solutions to 20% of Fortune 100 companies. JP discusses what ransomware is and gives advice to businesses looking to prevent and protect against the growing threat of ransomware, before it's too late.