Cybersecurity report

Cybersecurity is the new frontier for public sector organisations

Every minute, there are 35,000 instances of password attacks and seven phishing attempts by cyber-criminals across the globe. These statistics highlighted in the latest Microsoft Security Insider briefing show the unparalleled scale and cost of cybercrime, with a new cyber threat detected by Microsoft every 35 minutes globally, writes Frank O’Donnell, Public Sector Lead of Microsoft Ireland.

The worldwide economic impact of cybercrime is $1,141,553 per minute. For public services in particular, the threat environment is only becoming more and more sophisticated, and the stakes are getting higher. According to Microsoft’s Digital Defence Report released last year, public sector organisations accounted for almost 52 per cent of the total affected organisations by state nation threats. The report also shows that nearly 80 per cent of those targeted were either in government, NGOs, or think tanks, which often serve as policy incubators and implementers, with strong ties to current and former government officials and programmes.

The pandemic has acted as a catalyst for increasing digitalisation across local and central government, and in specific areas such as healthcare, education, and community outreach in Ireland. Online public services have become more vital than ever to communities, and exposure to new technologies has created a desire for sustained digital transformation by leaders of public sector organisations to be able to engage with citizens and keep their workforce connected.

If our ambition is to continue to meet the growing expectations of an increasingly digital economy and society, then it is clear that establishing secure and resilient IT infrastructure for workers and citizens has become the new frontier for public sector organisations.

The burning question is, how can organisations with such large and unwieldly operations and with such a varied workforce and citizenship achieve this?

Public and private sector collaboration

Closer collaboration with experts and partners both in Ireland and across the globe can provide leaders with new knowledge and access to global efforts to manage the threat of cybersecurity.

The recent announcement that Ireland has now joined over 45 other countries and international organisations as a member of the Microsoft Government Security Program marks a significant milestone for the public sector and the Irish Government in the defence of critical national infrastructure against cyberattacks. This is part of a broader statement of intent to invest and bolster our national critical infrastructure by the Irish Government.

Ireland’s participation in the programme will enable controlled access to source code, exchange of threat and early warning vulnerability information, and the ability to engage on confidential technical content about Microsoft’s products and services.

Cloud adoption and a zero-trust approach

Fast-tracking cloud migration and adopting a zero-trust approach provides greater security coverage, particularly for large organisations working across multiple geographies, embracing hybrid working models and delivering varied workstreams. Microsoft adopts a zero-trust first approach, which refers to a proactive, integrated approach to security across all layers of the digital estate that explicitly and continuously verifies every transaction, asserts least privilege, and relies on intelligence, advanced detection, and real-time response to threats. This model starts with strong identity authentication everywhere. Multifactor authentication (MFA), which we know prevents 99 per cent of credential theft, makes accessing apps easier and more secure than traditional passwords.

At Microsoft, we have helped thousands of organisations to evolve their zero-trust deployments to respond to transitions to remote and now hybrid work in parallel with a growing intensity and sophistication of cyberattacks.

In the last two years, we witnessed an increase in the adoption of cloud technologies across many government departments and government bodies, which ultimately creates a more secure working environment. This journey is set to continue and accelerate as cybersecurity becomes more and more of an imperative, not only in the realm of the IT function, but also at board and executive level across the Irish public sector.

A cultural imperative: Cybersecurity is an issue for the entire organisation

Cybersecurity should no longer be viewed as a specialised risk that falls only within the purview of the IT department. Technology expertise sits in the IT department, just as expertise in financial risk management generally resides in the finance department, but ultimate responsibility and accountability for the risks lie within the wider leadership team. We cannot afford to treat technology and cyber risk as something separate and contained that IT and security teams are left to manage on their own.

This is a fundamental paradigm shift for leaders in the public sector and is perhaps the biggest challenge in building and implementing a resilient cybersecurity model and to the digitisation of public services. This will require a standardised approach to security culture across different teams in an organisation, and systems to ensure it is embedded from board level across all employees and operations.

Cyberattacks are increasing in frequency and sophistication and are deliberately targeting core systems to maximise the impact of the attack or likelihood of a ransomware pay-out. Within this context, we know a comprehensive approach to operational resilience must include cyber resilience if we are to truly unlock the digital potential of our economy and society, and it is critical that public sector organisations are at the vanguard of this digital evolution.

E: frank.odonnell@microsoft.com
S: https://www.linkedin.com/in/frankodonnell/

Show More
Back to top button