The IT security product firm McAfee and the Digital Government Security Forum (DGSF) have released a report which explores the cyber risks confronting government; titled ‘Operating Securely in the Digital World’.
The report identifies four high priority areas, for the government to address including: a lack of awareness of information security threats at board level, concerns over data security blocking efforts to boost collaboration, data sharing, interfaces between different organisations as key danger points and legacy systems which were not designed for the digital age.
Since its launch in March this year, the DGSF has engaged with civil servants, cyber specialists and technology firms. The report identifies:
§ Lack of awareness of information security threats at board level, causing organisations to fail to provide reassurance that they are meeting their information security responsibilities and cost effectively managing information and cyber threats
§ Concerns over data security blocking efforts to boost collaboration, data sharing, BYOD and more efficient working at a time when government and public services are under pressure to deliver more at lower cost
§ Interfaces between different organisations are key danger points as the government’s prime objective is to join up services and promote greater partnership working and collaboration across sectors
§ Legacy systems which were not designed for the digital age which have encouraged legacy thinking in terms of information security, often resulting in fragmented and siloed security arrangements.
John Thornton, secretary to the Digital Government Security Forum says: “Overall, the UK has made huge progress in information handling and data security following the series of high profile breaches in recent years. There is however no room for complacency. Organisations need to think in terms of security-by-default to deliver digital-by-default and share information in order to counter cyber threats. Cybercrime is global in nature and a strong public-private partnership is crucial to create an environment where public sector organisations can work together for mutual benefit.”
The DGSF recommends to boards and senior managers:
§ Be aware of your risks and put foundations into place: Identify key risks, vulnerabilities and critical information assets; implement basic controls and proactively manage information risks
§ Embrace technology: Ensure that the security technology infrastructure includes comprehensive threat intelligence, risk and behavioural analytics, and robust, resilient and automatic threat protection
§ Use improved information security as an enabler: Support and make possible the savings, service developments and efficiency improvements the digital world offers once security barriers have been removed
§ Develop a culture that embraces change: Share experience and expertise across the public sector to boost confidence from citizens, businesses and government itself into these digital systems
James Stirk, director, government, healthcare, education & CI at McAfee adds: “At a national level, the UK is taking very seriously the importance of cyber threats and information security. However as modern government is primarily about joining-up services, partnership working and collaboration across sectors to deliver more responsive and cost effective services, more work needs to be done to iron out perceived barriers and make it more simple to join-up digital services and share information securely. This report provides tools and guidelines which we hope will help boards, senior managers and information teams in organisations that would like to review their information security strategies and governance arrangements.”
To download the full report visit: https://www.digitalgovernmentsecurityforum.org/?p=224
To enquire about joining the Steering Group or becoming a DGSF member email: [email protected]
