SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image
Public sector has misplaced confidence in cybersecurity
Wed, 6th Dec 2023

In a new study conducted by cybersecurity solutions provider Check Point Software, in conjunction with Public Sector Executive (PSE), concerning attitudes towards cybersecurity within public sector organisations, ihas revealed that there exists a significant disconnect between the confidence in existing cybersecurity measures and the ongoing threats faced by these organisations. The report is appropriately titled: Cyber Security: the heart and soul of trust between citizens and public sector organisations.

Key findings within the survey, which included participants from government, education, healthcare, and justice sectors, suggest that nearly half (47%) of respondents have faith in their systems' ability to detect breaches, with 64% expressing confidence in their capacity to identify data theft. However, this sense of assurance seems to be misplaced, given the frequent cyberattacks targeting these sectors.

The report also points towards an underestimation of the threat landscape looming over the public sector. While threats like phishing and malware are identified correctly, there is considerable ignorance regarding the sophistication of web application attacks and the potential for human error within the organisation. Budget limitations also appear to be a significant concern, with 57% of the respondents citing it as a key roadblock in enhancing their cybersecurity posture, the report found.

Check Point’s mid-year report indicates that the top three industries targeted during the first half of 2023 were government, education and healthcare. Some organisations witnessed as many as 10,000 attacks per day. What's more, destructive cyberattacks were successfully conducted against hospitals and local authorities, including Barts Health NHS Trust, St Helens Council and Gloucester City Council, which were subsequently reprimanded by the Information Commissioners Office (ICO) due to their lack of competent systems defensive systems.

Deryck Mitchelson, Global Chief Information Security Officer at Check Point Software, issued a warning surrounding this theme by stating, "Public sector organisations are significantly underestimating the severity of cyber threats.

"Our findings suggest a concerning disparity between perceived security and the escalating sophistication of cyberattacks, which can have profound impacts on public trust and service continuity," he said.

The report deeply emphasises not only the importance of a defensive strategy but also the need for proactive, preventative measures that allow institutions to stay one step ahead of cyber threats. Keith Joy, Chief Technology Officer at the University of the Arts London, pointed out the often overlooked smaller vulnerabilities that can be equally detrimental to an organisation's security.

Mitchelson also added, "The reality is that organisations cannot rely solely on defence. They must invest equally in proactive, preventative measures to thwart cyber threats at their inception.

"It is a constantly moving target and staying ahead requires a comprehensive and dynamic approach to cybersecurity," he said.

The complete report, offering comprehensive insights and analysis, is now available for review.