Why cybersecurity is a perfect storm for the public sector

First, your digital footprint is increasing massively. New applications using new technology are driving data growth. In fact, public sector leaders predict that data volume at their organizations will increase by 59% over the next three years. Digital experience is at the heart of the government's interactions with citizens — everything goes digital. And since the onset of the Covid-19 pandemic, working remotely has become the norm, meaning that there is a greater reliance on digital technology. Added to this mix are all of the new technologies expecting to transform the working environment and our lives in general over the coming years: IoT, 5G, machine learning, and generative AI.

This means that there will be more data coming from more sources with greater sophistication and complexity. No one expects the pace of change of technology to slow down or have to manage less data over time.

Secondly, cyber crime is in its infancy. Threats are becoming more sophisticated and greater in number. Threat actors are proliferating at a great rate, and the barrier to entry is low — one person with a laptop and internet access can cause wide-scale destruction. State-sponsored cyber crime is the latest form of international warfare, and again, this is extremely likely to become more prevalent.

The latest wave of cyber crime activity seems to be focused on ransomware attacks with three high-profile incidents in the UK alone in recent weeks. As technology writer Renee Dudley has pointed out:

Finally, and potentially the most problematic of all: the cyber skills gap. In the UK alone, there is a shortfall of 14,000+ cybersecurity personnel each year. If you don’t have the right skills or cannot retain them (an especially huge issue for the public sector), how can you build a sensible plan to deal with the coming storm?

In summary, the public sector is contending with the concurrent challenges of more data and digital systems, more threats with greater sophistication, increasing regulation, and lack of the right skills. If you had an unlimited budget, this would still be a massive challenge but hands up to anyone who has that, especially in the public sector.

Unfortunately, unlike the original Perfect Storm, this isn’t a one-time event that will pass. This threat is only going to get worse. Burying your head in the sand is not a viable option. Trying to apply some cyber tech at it now in hopes that will solve the problem is also prone to failure. So, what should you do?

1. Have a strategy and make sure it is forward-thinking. Take into account the need to evolve with the changing tactics of the threat actors. Make sure you have organization-wide awareness and understanding of the plan.

2. Use technology that not only utilizes the latest in cyber defensive strategies but also has the flexibility to innovate to meet new challenges. Elastic, for example, recently introduced the AI Assistant to democratize the options open to security analysts, and we continue to bring security innovation to the market.

3. Start your journey now — cyber criminals are not waiting. There will not be a one-off, simple defensive strategy you can take, so be prepared to think differently. A good place to begin would be with a data risk assessment. Some of Elastic's partners offer this service free of charge. This would give you details on where you need to focus in the short term as well as a template for your longer term plans.

4. Consider your options — does it make sense to use a Managed Security Service that might help you deal with the skills gap challenge?

5. The new security paradigm is open security. Closed or “black box” technologies have consistently been exposed by hackers as no single approach or development team will have all the answers to every possible threat. With open security, you have access to a larger user community that is collaborating to nullify those threats.

6. Get help from experts. Elastic®, together with our partners, run workshops, assessments, and training and are building a program to help address the skills gap in the public sector. Take advantage of these sessions to hear from your peers and industry experts to get your plans in place.

To dig in deeper on the cybersecurity landscape for the public sector and what to keep in mind as you build your strategy, take a look at Public Sector Cybersecurity: Protect your IP, data, and citizens.