Digital transformation of government services ‘is giving hackers a way in’.
The increasing digitisation of public services is putting more citizens’ data at risk of cyber attacks, a survey has found.
Whitehall’s digital by default agenda to push more and more government services online is creating more cyber security risk for information stored in large cloud environments, found IT security firm CSC and CBR’s sister publication, Government Computing, in a joint study.
The report, Cyber Insecurity, also found that sharing services, a common cost-cutting technique of local councils to share back-office IT requirements via public services networks (PSNs), may spread a successful cyber attack on one victim to other sharers of the same service.
The survey said: "The cyber threat to all public sector organisations is very real and increasing year on year. As well as digitisation, cloud-based delivery and the growth of the public services network (PSN) may also inadvertently create the climate for cyber attacks."
Just 18% of the 83 public sector IT pros and execs surveyed said they were confident their organisation could cope with hacking threats, while 72% admitted security concerns conflict with business needs.
Two-thirds of respondents pointed to losing confidential data as the most damaging aspect of a data breach, followed by 42% who cited loss of reputation.
Just 8% said financial penalties were the worst result of a data breach, despite the Information Commissioner’s Office (ICO) dishing out data breach fines averaging £120,000 in the last two years – two-thirds of all fines hitting public bodies.
But with revisited laws on personal data and privacy being introduced by the EU by the end of the year, the fines could get a lot tougher – up to 5% of annual turnover or up to €100m. It is unclear how these would affect public sector organisations.
The study believes public bodies must re-examine their defences against cyber attacks in the wake of spending cuts and more information going online.
It concluded: "Life is made more difficult when the business case for action must be made against an austerity background of funding cuts, more public services being made available online, and greater financial responsibilities being placed on local authorities and NHS trusts.
"For some organisations, this will necessarily require a rigorous re-assessment of their exposure to cyber attacks."
Yet only 38% of respondents say they currently use or will use global threat intelligence, which involves gathering threat data from a variety of sources including files, the web, messages and networks.
Instead, 82% are using protective monitoring, which includes measures such as defining who can access what, and rely on third-party companies to bolster their IT security.