Steps needed to deliver a robust public sector cyber security strategy


Legacy IT infrastructure risks opening the doors to more cyber crime. In spite of this, as of July 2020, Windows 10 had only been installed on 846,000 devices across the NHS, even though NHS Digital has clearly set out the dangers of unsupported licenses and requires Extended Security Updates to be specifically purchased to combat them. Additionally, all NHS organisations - apart from one that had already upgraded - signed up to receive free, centrally-funded Windows 10 licenses when Microsoft security support ran out for Windows 7 in January 2020.
These are among the findings of a new report from Westminster think tank, Reform, 'Resilient public services in an age of cyber threats'. The report is particularly pertinent at the moment as COVID-19 has accelerated the digitalisation of processes and working practices for most organisations, with more working from home, virtual meetings, video conferencing and virtual patient consultations. Whilst this rapid adoption of technology is generally seen as a positive, it does carry its own risks, prominent among which is increased vulnerability to cyber attack. 
A robust IT infrastructure - comprising the hardware, software, network, operating system and data storage needed for an IT environment to function - is essential to maintain the security of public services. This means organisations must invest in the upkeep of these systems.
The NHS has already experienced, first-hand, the consequences of legacy IT failing to stop a ransomware attack when WannaCry impacted around 80 of 237 Trusts, resulting in the cancellation of almost 20,000 hospital appointments and operations back in 2017. 
Legacy IT is not the only weak spot when it comes to cyber security across the public sector. People are also a problem. The leaders of organisations need to position cyber security as fundamental to service delivery and not just view it as an additional operational cost.  
Leaders also need to understand the importance of training staff in basic cyber hygiene procedures. There is, the report states, a cyber security skills gap at both the basic user level and the high level. It is a gap that is exacerbated by a global shortage of cyber security professionals, across both public and private sectors.
A fragmented approach to the issue, with individual organisations being responsible for their own technology, represents an additional barrier, as do confusion over standards and guidance and challenges in procurement, such as lack of budget and difficulties in assessing the cost-effectiveness of replacing legacy infrastructure.
The report concludes that the government needs to do more to address the skills gap across the public sector workforce. It also needs to introduce stricter enforcement methods to ensure legacy systems are maintained properly, and should consider what it can do to spread good technology, such as introducing clear manufacturing protocols and kite-marking cyber-secure products.
Read the full report here. 
