Cyber security – an even bigger priority in this age of austerity

Today’s threats are faster, smarter, more prevalent and more elusive than ever before.  In this article Dennis Wilkins, Director for Northern Europe for cyber security leader Sourcefire, talks about why cyber security is  high on the Government agenda and what public sector bodies need to think about in order to make sure they have the right protection in place.
While the outlook for the public sector is tough, cyber security remains a top priority. In October 2010 Prime Minister David Cameron pledged: "Over the next four years, we will invest over £650m of new money in a national cyber security programme”. This statement was recently reinforced with the announcement in February 2011 from Theresa May, Home Secretary, who stated that there would be a £63m increase in police budgets to specifically help target cybercrime. This funding will be spread over four years and forms part of the £650m that David Cameron has earmarked for security.
Meanwhile, Wikileaks has been emptying the diplomatic bag on a regular basis making it easy to see the results of data leakage.  The whistle blowing website has dominated news in 2010 because of its steady drip feed of secret government documents. Prevention against such leaks must remain top of the agenda for senior management in the public sector. Organisations need to be viewed as making the right decisions and this is especially true for highly visible public sector bodies who must be concerned not only with reining in costs, but also not leaving themselves exposed to a high profile data breach or the very real threat of a cyber attack.
Adapting to the Changing Threat Landscape
According to Gartner Research, context-aware and adaptive security solutions are the only way to improve security decisions and support more dynamic business and IT environments. These measures however can only be executed with the right amount of financial and senior level support. The question is will the Governments’ planned injection of funds help to secure this and ensure that cyber criminals are thwarted?
Clearly information that is confidential to citizens, businesses or critical to the National Infrastructure must be protected. In 2010, the coalition government published its National Security Strategy – Security for the Next Generation – in which it has given national security the highest priority. According to the National Security Council, Tier One Risks to the nation’s security over the next five years includes Cyber Attack and International Terrorism with Organised Crime being identified as a Tier Two Risk.
The Government’s Cyber Security document states that “each public sector organisation is responsible for managing its own information risks”. This was backed up with new legislation introduced in 2010 enabling the Information Commissioner’s Office to issue record fines to public sector bodies for serious data security breaches.
Government departments should be aware that guidance is available in the Cyber Security Strategy published by the Cabinet Office.  Protecting data and company confidential information should therefore be a matter of course for any organisation and those in any doubt should consult the guidance provided.  However the reality is that this is easier said that done. The threat landscape is changing and becoming more complex and there is a risk that some public sector bodies will either ignore or make inadequate investment in response to the growing threat landscape. To reduce the risk of data loss or costly service disruption public sector IT departments and their managed service providers need to make sure that they have the best protection available in place.
Protecting the Network
The network is the delivery system of an organisation’s IT infrastructure. It’s also the delivery system for cyber attacks against the business so it’s top priority is to implement effective protection.  Awareness of threats is everything; not only is it vital to monitor and protect against intrusions, but also for data leaks, anomalies in network configuration and anomalies in network operation. However, awareness technologies such as IPS (Intrusion Prevention Systems) can be costly to manage, difficult to interpret and labour intensive. The principal reason for this is a lack of context, i.e. how a security event is interpreted in relation to the environmental conditions at that time. Traditionally, organisations have used experienced and skilled security analysts to derive this context, however this is expensive and not good news in this time of government cuts.
Sourcefire is a world leader in intelligent cyber security solutions. Today Sourcefire serves most of the US Federal Government agencies and in 2010 the number of UK public sector bodies using Sourcefire grew by more than 30 percent.  Sourcefire offers public sector organisations technically superior network security solutions to suit their specific environments. Its awareness technologies enable automated security responses and reduced network administration.
The threat of a cyber attack on vast amounts of confidential information held by UK public sector bodies and Central Government has never been greater and investment to protect against these threats must be prioritised.  I will leave the readers with one sobering thought: The 2008 Beijing Olympics experienced 12 million cyber attacks per day! You can therefore see how attractive a target the 2012 UK Olympics will be for criminals and others seeking to defraud and potentially disrupt.
For more information