Connected Citizens Is a lack of trust the biggest assault ...stages of advanced threats & data theft...
Transcript of Connected Citizens Is a lack of trust the biggest assault ...stages of advanced threats & data theft...
PROTECTION
RISK
HACKERS
THEFT
CONNECTEDCITIZENS
SECURITY
Connected CitizensIs a lack of trust the biggest assaulton ‘digital by default’?
On the surface of it, this drive to make every government service available online is a win-win situation for service providers and citizens alike.
For public bodies, the speed and efficiency of digital services are estimated to lead to savings of around £1.8 billion a year1.
Meanwhile, with the vast majority of the UK population already online2, access to these services at any time of day will benefit citizens too.
Research by Ofcom suggests that UK adults spend on average 14.2 hours a month on the internet3. There are also around 650 transactional government services already available online. As such, you would expect a high level of digital service use.
In fact, the opposite is the case. According to the Government’s own digital strategy, “There is only a handful of these services where a significant majority of people who could use the online option do. Many have a digital option but few people use it.”4
So why is this the case?
Opinion Paper Connected Citizens
From April 2014 onwards, every new or redesigned government service is expected to meet the standards set by the Government Digital Strategy.
The idea behind it? That UK government services will soon become ‘digital by default’.
PROTECTION
RISK
HACKERS
THEFT
REPUTATION
MALWARE
1https://www.gov.uk/government/collections/government-digital-strategy-reports-and-research2https://www.gov.uk/government/collections/government-digital-strategy-reports-and-research3http://consumers.ofcom.org.uk/2010/08/tv-phones-and-internet-take-up-almost-half-our-waking-hours4https://www.gov.uk/government/collections/government-digital-strategy-reports-and-research
Available figures show that 2012 was far from a golden year for public sector data management. Fines handed out to government bodies and organisations by the Information Commissioner’s Office (ICO) had more than doubled from 2011, rising from £1.17 million to £2.6 million.
In 2013, we surveyed 3,000 consumers about the level of trust they placed in local and central government departments to safeguard their personal information5.
The results were clear. Central government organisations have seen their ‘trust score’ fall from an average of 3.18 in 2003 to just 2.79 last year. The decline in trust for local government matches this almost point-for-point - from 3.14 a decade ago to 2.77 more recently.
While this outlook may be bleak enough by itself, of particular note for the public sector should be the sharp decline in those citing “implicit trust”. Fourteen per cent of consumers said they had full confidence in central government to protect their information in 2003, followed closely by 13% in local government; only banks were trusted more at this point in time. In late 2013, those figures stood at just 6%. Little wonder that 91% of consumers said government could be doing more to protect consumer data.
These findings suggest that building, or rebuilding, trust in government services through data security is imperative. But this task takes on even greater significance when you consider the potential risk to national security.
Protecting the country According to Cabinet Office Minister Chloe Smith6, the UK Government faces around 33,000 cyber attacks each month from sophisticated criminals and state-sponsored groups. Malicious threats have to be blocked on a daily basis as “ever more innovative” ways are devised to threaten national security.
The National Security Strategy has even gone as far as categorising cyber attacks as a Tier One threat to our national security, alongside international terrorism.
The issue is that many existing digital government services are simply not built to prevent such attacks. They are either too old or have been left undefended – all of which means the back door could have been left open to cyber criminals who can attack systems or steal citizen data while working with anonymity from afar.
As cyber criminals become more sophisticated so the gap widens between external threats and internal defences, creating a ‘cyber chasm’.
Crossing the cyber chasm The Government recognises this, however, and has put on record its commitment to making the UK to be the safest place to do cyber business.
To combat cyber threats Whitehall is investing in major initiatives to protect government services. However, the man overseeing the strategy to defend the UK’s computer systems from attack, Francis Maude MP, Minister for the Cabinet Office, freely admits that cyber security is a “never-ending battle” and described the fight against cyber crime as “work-in-progress”.
All of which means increasing pressure on both central and local government bodies to make security a key concern now and into the future.
Opinion Paper Connected Citizens
Trust is a major issue.
Perhaps the major obstacle is a distinct lack of trust in government’s ability to protect our personal information.
5DataHeaven or DataGeddon? Fujitsu, 20136http://www.independent.co.uk/news/uk/politics/government-faces-around-33000-cyber-attacks-a-month-reveals-cabinet-office-minister-chloe-smith-8584636.html
Opinion Paper Connected Citizens
What can government bodies do?
Invest the time to know your risks1
Be clear about what you are protecting2
Know what you are protecting against3
Train and educate your people4
Keep up-to-date with everything - technology, people & processes5
At Fujitsu we advise central and local government organisations on how to improve security. The first thing we explain is that crossing the ‘cyber chasm’ requires ongoing effort. It is not enough to put in place a security policy. It must be put into action.
Public sector bodies must also gain the skills required to tackle emerging threats. This requires a commitment and an understanding from senior management.
We tell our clients to follow five key steps to reduce the gap with cyber criminals and protect citizen data:
Ignoring even these simple actions could mean more citizen data in the hands of criminals or terrorists, a cyber chasm that grows wider every day and the failure of the entire ‘digital by default’ initiative.
Discover more about the five key steps.
Download the infographic >>
Ref: 3488. Copyright © Fujitsu Services Ltd 2011. All rights reserved.No part of this document may be reproduced, stored or transmitted in any form without prior written permission of Fujitsu Services Ltd. Fujitsu Services Ltd endeavours to ensure that the information in this document is correct and fairly stated, but does not accept liability for any errors or omissions.
Contact us on:Tel: +44 (0) 870 242 7998Email: [email protected]: uk.fujitsu.com
Start with Secure Thinking.Get a FREE Fujitsu Information Security
and Risk Assessment.Contact the team at Fujitsu on:
0870 242 7998or visit
uk.fujitsu.com/securethinking
Keep up-to-date on everything! Cyber threats are constantly evolving, meaning it’s not adequate to simply ‘fit and forget’. It’s essential to keep
all defences up to date.Many organisations fail to refer to security risk assessments
to identify the people, processes or technology that need to be brought up-to-speed. The result is that gaps start to creep in.
5
ACTIONKnow your risks and ensure your security matches your
organisation’s data protection obligations.
Invest the time to recognise your risks Cyber criminals target complacency.
An organisation might not understand the full risks or think there is nothing worth targeting. It is this mindset that leaves it
vulnerable to attack from a range of vectors:
ADVANCEDPERSISTENT
THREATS
MAlwARE
lOSSOF DATA
CYBERSTAlKING
PHISHING SCAMS
IDENTITY& ACCESS
MANAGEMENT
FRAUD OR IDENTITY
THEFTCOMPUTER
VIRUSES
DENIAl- OF-SERVICE
ATTACKS
1
ACTIONGet a complete risk assessment of your Cyber Security
to understand the risk of every potential attack.
Know precisely what needs protecting Once you know the risks you will know what you need to protect.
This does not have to be a costly process. It is all about developing a plan that covers cyber security across
every area of your organisation: from your people and your processes to your technology.
INFORMATION SECURITY AND RISK
ASSESSMENT
PEOPlE PROCESSES TECHNOlOGY
TRAINING COMMS SKIllS GOVERNANCE POlICIES
CONTROlS NETwORK DATACENTRE STORAGE APPlICATION
2
ACTIONAnalyse your infrastructure through an audit and
allocate a sliding scale of resources according to the potential impact on the organisation.
Be clear what you are protecting against Anti-virus and URL filtering used to be sufficient protection
from cyber attacks. Not anymore.The increasing sophistication of targeted attacks has changed
everything. Today’s advanced attacks occur in seven stages that can result in the theft of your data.
But are your defences ready?
3
ACTIONLook for evidence of advanced threats or data theft
and take preventative measures to protect the organisation from future attacks.
RECONGather online information to build targeted lures
1
lURETwo Types: email and web
2
CAll HOMECalls home for more malware to expand attack
6
DATA THEFTCybercrime reaches outinto internal systems for data to steal.
7
DROPPER FIlEIf vulnerability exists, malware dropper file is delivered.
5
ExPlOIT KITUser’s system is inspected for an open vulnerability
4
REDIRECTFunnels and sends the user to a hidden server.
3
FREE GIFTS
CYBERCRIMEOPERATIONS
FREE GIFTS
CYBERCRIMEOPERATIONS
FREE GIFTS
CYBERCRIMEOPERATIONS
FREE GIFTS
CYBERCRIMEOPERATIONS
FREE GIFTS
CYBERCRIMEOPERATIONS
FREE GIFTS
CYBERCRIMEOPERATIONS
FREE GIFTS
CYBERCRIMEOPERATIONS
what should you be looking out for?
stages of advanced threats & data theft
Train your people to recognise the threats A report by the National Audit Office claims the IT security skills gap will take up to 20 years to close, leaving the UK
vulnerable to regular attacks.Public and private sector organisations must train staff to
follow security policies and procedures and provide them with the essential skills to tackle cyber crime. More than that, senior management must invest the time in understanding the risks
and what investments to make.
Trust in the ability of government organisations to protect citizen data is at an all-time low.
Fujitsu presents: 5 practical ways you can start to protect citizen data.
Source: National Audit Office& Information Commissioner’s Office
4
ACTIONUnderstand which skills already exist and which ones
are missing and then create a programme of staff training for all levels of the organisation.
44mcyber attacks in
2011 in the UK
£2.6MIllION
Fines handed out by the ICO to government
organisations in 2012
80%Proportion of cyber attacks
that could be prevented through simple
computer and network ‘hygiene’
Working together with expert security partners:
PROTECTIONPROTECTION
RISK
HACKERS
THEFT
SECURITY CONNECTEDCITIZENS5 ways to protect citizen data.
Source: Fujitsu Source: Clearswift
80%Number of councils that experienced a
security breach in 2012
Those with ‘implicit trust’ in central government to use data securely
6%2013
14%2003
The question is: Are you taking them seriously?
Meanwhile, cyber attacks are on the increase.