Public sector and government departments and agencies possess troves of sensitive data to provide essential services to their citizens. This has made them prime targets for cybercriminals – recent incidents have highlighted the growing risks as when, in August 2023, a supplier to the London Metropolitan Police fell victim to a security breach, exposing officers’ and staff’ information. The breach took place when cybercriminals successfully accessed the IT systems of a contractor in charge of producing police officer warrant cards and police staff passes. It is believed as many as 47,000 individuals’ details have been leaked.
Some of the key factors that contribute to the cyber vulnerabilities of data-rich public sector bodies include legacy systems that contain decades of data, while resource constraints slow security upgrades. Within a rapidly evolving threat landscape, with new malware variants, are emerging technologies such as Artificial Intelligence (AI), which can generate convincing deepfake videos for spear phishing campaigns, misleading users to think communications are legitimate. Add to this negligent or deliberate insider attacks and third-party risks, and it is evident that actions must be taken to mitigate public sector cyber risks, preventing potentially serious consequences including theft, industrial espionage and loss of reputation. As ever-growing technological advancements continue, there is more potential for their misuse, allowing hackers to attack systems with sophisticated methods against which it is increasingly difficult to defend, posing an enormous challenge for public sector organisations.
Moving forward with AI
AI can be a powerful tool for public-sector organisations to adopt against cyber-attacks. It can automate business processes to help strengthen cybersecurity, with AI tools used to govern and monitor user behaviours related to misuse and data theft. According to the 2023 Insider Threat Report by Cybersecurity Insiders, 53% of cyberattacks are committed by insiders[WR1] . Through conducting analytics on user behaviours, AI can identify suspicious activities which could lead to potential attacks, such as unusual login times or data access patterns.
By continuously assessing the risk level of different assets and systems in the network, AI enables dynamic resource allocation against threat. Using AI tools, organisations can strengthen their firewalls, denying unauthorised users from accessing their systems. AI can detect phishing activities, analysing email content and metadata to identify phishing attempts and flagging them for review; while its pattern recognition techniques can also uncover subtle anomalies humans could miss.
Providing up-to-date threat intelligence, AI can analyse multiple sources’ data from both inside and outside the organisation’s firewall and carry out real-time monitoring on data feeds to quickly identify and respond to threats. Through natural language processing (NLP) it analyses and understands bad actors’ (both insiders and external hackers) communication and chatter to anticipate possible threats, and uses predictive analytics based on current and historical data to predict future cyberattacks, allowing proactive measures to be taken.
By automating incident responses to common types of attacks – monitoring individual devices for malware or other harmful activities and taking immediate action – AI frees up human resources to tackle more complex issues. But while AI can greatly enhance organisations’ cybersecurity measures, it is important to keep human oversight in the loop, to interpret results and handle complex scenarios. Public sector organisations must therefore build cyber resilience that involves not only technology but also people and processes.
Building cyber resilience
Governance and leadership of cybersecurity is essential within public sector organisations. They should appoint a senior leader, such as a Chief Information Security Officer (CISO), to coordinate cybersecurity and have policies and standards in place for cyber risk management. Cyber programmes should be monitored continually for effectiveness, with clear metrics and accountability for improvement.
Security awareness training should be prioritised, creating a workplace cybersecurity culture that ensures employees recognise threats and practise safe data handling. AI inventory systems should be assessed for risks, just as with traditional IT; and the AI systems’ algorithms themselves should be trained, with high-quality, robust training data sets that avoid bias and error. By developing ‘playbooks’, teams can respond quickly and appropriately during incidents.
Data is valuable to cyber attackers, thus multi-factor authentication and encryption of data is essential, especially on mobile devices. Classifying data by sensitivity levels helps public sector organisations regulate access to a ‘need-to-know’ basis. Comprehensive, constantly updated endpoint security solutions should be maintained across systems, using AI technologies as described – and defences regularly tested against sophisticated attack simulations, to identify gaps. Cyber resilience should be considered from the outset, and incorporated into technology procurement requirements, with secure-by-design solutions prioritised.
Sharing the load
Cybersecurity resilience is becoming a critical concern within public sector organisations, with the complexity of defence mechanisms escalating, posing multifaceted challenges. Fortunately, there are many specialist suppliers who can help the public sector enhance its resilience measures. Collaboration can offer many benefits, with cyber threat intelligence sharing between public sector peers, trusted external third-party industry partners and academia, as they work together to develop standards, research and innovation. Public sector organisations may choose initially to use specialists’ advisory skills to assess their risk, tailor cybersecurity roadmaps, and implement best practice controls and measures, and to develop guidelines for ethical AI use. They may then draw upon ‘security-as-a-service’ organisations to provide 24/7 threat detection and response capabilities, monitoring their networks and managing firewalls, anti-malware and anti-virus tools. In the event of an incident, specialist forensic experts can be retained to help understand the implications and consequences.
But it is key that the public sector safeguards what members of the public value most – data, service and trust. While cyberthreats exist, organisational risks can be reduced through preparation, vigilance and collaboration. By making cybersecurity an enduring and collective mission and working with industry to find innovative solutions to attacks, public sector organisations can block adversaries and continue serving the public safely and securely.