In today's increasingly connected world, cyber threats have become a significant concern for organisations of all sizes. The cost of cybercrime is rising, and the number of successful attacks is on the rise, too. As a result, many organisations are taking a proactive approach to protecting their sensitive data, reputation, and financial stability.

PublicTechnology, in partnership with Sophos, brought together a panel of experts to discuss how public sector bodies can go on the front foot against cyber threats. Among them were Detective Superintendent Paul Lopez, director of the Eastern Cyber Resilience Centre; Kevin Curran, group leader for the Cybersecurity & Web Technologies Research Group at Ulster University; and Jonathan Lee, who at the time was UK director of public sector relations at Sophos. The panel examined the current cyber landscape, the tools that can help organisations to harness a proactive approach to threats, and what organisations can do to address the skills gap.

The cyber landscape

The rise of cloud computing, the Internet of Things (IoT), and mobile computing has increased the number of entry points for attackers, making it harder to secure an organisation's infrastructure. In addition, cybercriminals are continually evolving their tactics, becoming more sophisticated in their attacks, and exploiting new vulnerabilities. For Curran, the reactive approaches to cybersecurity, such as relying solely on firewalls and antivirus software, are no longer enough to protect an organisation's digital assets.

Curran explained that taking a proactive approach to cybersecurity means being prepared for potential threats and mitigating risks before they can be exploited. This approach involves investing in security measures such as threat intelligence, vulnerability assessments, and penetration testing.

He said: "We can have two basic cybersecurity measurements in place: multi-factor authentication and firewalls across the network, and good patch management. But being proactive is about protecting the low-hanging fruit by removing the services that aren't necessarily needed. These endpoints tend to be the easiest for cybercriminals to enter your network. Training your staff is also important."

For Curran, by identifying potential vulnerabilities and threats early on, organisations can implement preventive measures to reduce the risk of cyberattacks. This approach also involves educating employees on cybersecurity best practices, ensuring robust password policies, and implementing access controls to protect against internal threats.

To learn more about Sophos Managed Detection and Response, visit sophos.com/mdr

Cyber essentials

Lopez told webinar attendees that a proactive approach to cyber means getting in front of the problem – a key part of which lies in closing the skills gap.

"Try to improve your knowledge and the skills of your staff, but also [improve] intelligence sharing," he said. "The Police Cyber Alarm is a really good tool, which sits on your network logging malicious attacks and shares the information with the National Cyber Crime Unit, giving the police an idea of the ongoing threat.” 

Lee from Sophos said that the scale of the threat – and the breadth of those being targeted – has risen astronomically in recent years. "I joined the industry in 1997 when some 13,000 pieces of malware existed,” he said. Now we see tens of millions of binaries every day coming in through our labs – the scale of cyber threat has just gotten absolutely out of control, which is a real challenge for public sector organisations. So, being a target is a fact of life, but being a victim isn't."

He added: “There have been attacks on the smallest primary schools up to the large government departments. So, different people in different areas of the public sector need different advice, and it needs to be tailored to them. But the main thing we need to do is make sure that cybersecurity is on the board's agenda.

The ethos of creating tools that are ‘secure by design’ can play an important role in helping protect public services in the future, according to Lee. “We need to look at cybersecurity right at the outset when services are conceived as a means for citizens to interact with the public sector,” he said.

Addressing the skills gap

Emerging technologies, such as artificial intelligence, were mentioned as a tool that public sector bodies could utilise for developing and permeating cyber skills through the organisations. However, Sophos's Lee recognised that AI can only go so far.

He said: "Cyber attackers are hands-on keyboards, and we need the people who are fighting that threat also to be hands-on keyboards too – skilled people at organisations such as Sophos, but also within customers across the public sector."

The tendency to outsource cyber and IT management within central government was also a discussion point, to which Lee agreed on the upward trend. "I wouldn't say gone are the days of the very large outsourcing deal, where a company takes over absolutely everything on a network. But what we're seeing more now is organisations outsourcing capabilities. And specifically, outsourcing cybersecurity as a service, and that's a massive growth market."

Discussing the ethical and moral conundrums organisations face when hit by a cyberattack, the panel agreed that organisations should not consider paying a ransom.

Lopez said: "Organisations have to think about this carefully and ask: have you got all your data stolen? Have you got backups? Are the organisations finished without the data stolen? And then think about the reason for paying the ransom: Is it for reputation or to keep the organisation going? But, and the end of the day, even if you get your data back, that doesn't mean that data won't get released later on."

The event drew to a close with the panel providing top tips for how organisations can adopt a proactive approach to cybersecurity. For Lopez, the key is to have an incident response plan in place. "This is about putting your organisation in a position where you know who to call, in what order, and what you need to do," he said.

Curran suggested that good patch management is critical to preventing attacks and assessing the software supply chain for vulnerabilities.

To learn more about Sophos Managed Detection and Response, visit sophos.com/mdr