Digitalisation shouldn’t come at a cyber security cost

Digitalisation shouldn’t come at a cyber security cost, but it will if organisations are lax about protections, writes Sascha Giese, Head Geek™ at SolarWinds

Digitalisation has become increasingly crucial to the way governments and public sector organisations serve populations and communities. The past year and a half has demonstrated how vital digital strategies are for providing resources, sharing information, and working efficiently. But increased digitalisation also means increased risk. New technologies are new avenues of attack for cyber criminals, and the impact of a breach can be immense. Four months after its ransomware attack, for example, Ireland’s Health Service Executive is still dealing with the consequences.

It’s clear every tech professional must put security at the heart of their work, and public sectors must do all they can to mitigate IT risk. The security challenge is even bigger in a post-pandemic world where digitalisation has accelerated and remote working is widespread. According to research from the SolarWinds IT Trends Report 2021: Building a Secure Future, while security breaches are still perceived as the biggest external factor influencing an organisation’s risk exposure, the rise of distributed working is a key concern for IT professionals. Almost one in five (18 per cent) respondents identified a distributed workforce and employee relocation, as well as remote work policies, as risk concerns, and 15 per cent flagged the exponential growth of data due to new work from home needs.

Mitigating cyber risk
IT professionals are aware they must assemble sophisticated defences against cyber risk. The SolarWinds report saw 40 per cent of IT professional respondents rank security and compliance in their top three technologies most critical to managing or mitigating risk within their organisations. Thirty-five per cent ranked artificial intelligence (AI) and machine learning in their top three, followed by network infrastructure, automation, DBaaS solutions, and ITSM and/or ITAM solutions (25 per cent, respectively).

But the report also highlighted the barriers to adoption and implementation of security technology. When discussing challenges, almost half (48 per cent) of respondents said currently offered IT management solutions lack features or functionality to meet tech professional needs. Forty per cent pointed to lack of IT management solutions and tools available within their organisation, as well as poor management and lack of direction, as barriers to adoption.

Integration problems were also identified as a problem: 40 per cent of respondents reported that while some of their monitoring or management tools were integrated to enhance visibility across their IT environments, other tools still existed in silos.

Practical ways to shore up security
If public sector bodies want to increase digitalisation without decreasing cyber security, they should look at three key areas.

First, it’s important for organisations to adopt an integrated security system. Integrated security helps improve network visibility, so IT teams can spot threats more quickly, and allows tech professionals to seamlessly and efficiently manage their network. Organisations should be looking to create a multi-faceted solution to address their specific needs: this could include keeping network users safe by choosing devices or applications with certain levels of built-in security or making strict security settings the default in their application suite.

Secondly, regular penetration testing is crucial to identify weak security spots and vulnerabilities. Cyber criminals are constantly looking for new ways to outsmart security systems, and attacks can go undetected even when organisations use log management and signature-based deep package inspection. To combat this, organisations should use testing solutions that come with an intelligence feed to cover these unknown, ‘zero-day’ threats.

Finally, automation is a critical weapon in a security team’s arsenal. Automating security processes allows organisations to continuously monitor for threats and is especially useful for those with limited resources. For instance, an organisation can use tools to constantly scan web applications from the outside to identify vulnerabilities and threats. However, spotting a threat and acting on it are two very different things. Infrastructure is needed to allow possible threats to be quickly neutralised and teams alerted, so risk and damage is minimised.

To outsource or not to outsource
Public sector organisations have a choice when it comes to improving cybersecurity—they can outsource security responsibilities or retain them in-house. Working with a reputable, proven third party can be a good solution for many as it makes high-level defence easy and affordable and gives an organisation access to the latest security technologies.

Yet some public sector organisations will need to keep everything in-house and for these bodies, managed software solutions work well, although they must be careful to choose the right ones. The best solutions will incorporate automation, proactively identify threats, and analyse data from threat reports to block future attacks.

Digitalisation shouldn’t come at a cyber security cost, but it will if organisations are lax about protections. Whether using in-house or third-party solutions, public sector bodies need to ensure their security is integrated and automated, and they’re conducting regular testing, so they’re not laying themselves open to attack. If digital transformation is the goal, security needs to be the starting point.