RiskXtra September 2018
CTI: Keeping UK Citizens Safe in 2018

You know you’re facing an area of grave concern when experts at the World Economic Forum signpost ‘cyber attack’ as one of the Top Three most probable global risks of 2018. The threat of such an attack has been put up there with extreme weather events and natural disasters as one of the events most likely to cause problems on a worldwide scale this year and into the future. Paul McEvatt addresses the issue.

For the public sector, the threat is even more acute. Cyber security has stormed its way on to the political agenda of late as allegations of election tampering, breaches of Government agencies and departments and industrial sabotage have dominated the news headlines. Malignant actors have targeted Government and political organisations with forms of sabotage since Government has existed, of course, but the difference now is that hacking into a Government body by digital means can be done remotely by an unidentified actor and can happen remarkably quickly.

Government bodies often hold a variety of sensitive information – whether that’s medical data, criminal records or confidential Civil Service plans – that can be used by others for financial or other forms of gain. For a malignant hacker, the possibilities here are endless and mouth-watering in equal measure.

The UK’s public sector is fast embracing digital technology. When conducting our own research, we found that 76.7% of public sector organisations said that they were undergoing digital transformation – the highest percentage of any sector we surveyed. This is largely a positive thing, with a view towards making sure Government works more efficiently and delivers better services.

However, the adoption of digital can sometimes create more angles of attack for hackers. In fact, almost half of all civil servants state that cyber security is the biggest operational challenge facing their organisation. How, then, can Government organisations embrace digital transformation while also ensuring that their systems – and, critically, citizens’ data – are kept safe?

Going back to fundamentals

With the public sector fast adopting new ways of doing things in the sphere of IT, it’s important to maintain some of the fundamentals of security. In 2017, the headline-grabbing Petya and WannaCry ransomware outbreaks exploited a vulnerability to software propagation that was known months before the attack. What could have prevented the vulnerability? Patching.

It’s easy to repeat the mantra “Thou shalt patch whenever necessary” from afar, but business reality dictates that this is sometimes not the right move depending on the context. For example, you might choose not to patch a critical vulnerability in a financial system if it’s the day before the end of the financial year for fear of breaking that system.

One of the ways in which public sector organisations can mitigate risk is through Cyber Threat Intelligence (CTI). This can function as an early warning mechanism, guiding security professionals on which vulnerabilities are most open to exploitation and should, therefore, be a patching priority.

CTI is often simply referred to as a threat feed. However, faced with the kind of ‘savvy’ and aggressive attackers that have the audacity to go after public sector organisations, the system shouldn’t just express the severity of the vulnerability as a technical risk. Given the vital work that public sector organisations transact, it should also communicate this risk in financial, business and, indeed, human terms.

At its core, effective CTI provides strategic direction that cuts through the complexity of patch management, subsequently indicating where attention is most needed. For example, a threat advisory that addresses a vulnerability early on can protect an organisation months before hackers begin developing a ransomware variant to take advantage of that vulnerability.

Automating the guard dogs

The public sector is increasingly embracing the power of data. Collecting and analysing large volumes of data about how we live, how our businesses operate and even how the public sector itself runs can be beneficial on several