Government’s broader role in cyber
Government and public services organisations face unprecedented risks, but also incredible opportunities. With change driven by political uncertainty, budgetary constraints, constituency demands, technological innovation, and regulatory pressures, governments around the world are rapidly transforming, writes Colm McDonnell, partner in risk advisory at Deloitte.
The government and public services sector is not only one of the fastest growing sectors for cyber risk, but it also influences all other sectors; governments have a mission to protect themselves, national interests and businesses.
Whether it be in a university, running a government department, at the border, transport and infrastructure, policing, and the military or securing health care, government and public services organisations are a highly sought-after target for cyber criminals, due to the wide array of interconnected sensitive information being stored within the sector. Therefore, it’s more important than ever to have the agility to adapt and the courage to innovate, and clearly new approaches are required to minimise the risks and maximise the opportunities facing government and public services organisations.
Cyber isn’t merely a technology issue. Cyber is at the centre of change, innovation, data, and technology. It’s a strategic business risk that will continue to impact every facet of every organisation. Government and public services are also not alone in navigating these issues, whether at the crossroads of artificial intelligence (AI) and workforce transformation, enterprise resource planning (ERP) and cloud deployment, cyber and IT modernisation, or digital and citizen experience.
Data protection
Data retention and data preservation and associated risks of not tackling data protection, that could lead to a cybersecurity incident, are increasingly gaining the attention of public sector bodies as areas to address within cybersecurity. This is especially evident as more organisations move their data to the cloud whilst still trying to keep in alignment with regulatory requirements.
When it comes to the organisation and cloud provider, the challenge lies in the understanding of the contractual agreements and the shared responsibility model of “who” looks after various aspects of data protection, and “how” an organisation would respond to a data breach when a third party is involved.
Evolving threat landscape
As the threat landscape continues to evolve, traditional penetration testing is no longer seen as sufficient enough, in helping the public sector protect and defend itself against those potential threats.
More organisations are now moving towards adversarial attack simulation together with adversarial detection and countermeasures, to simulate “real-world” attacks and how best to defend and respond to a cybersecurity incident.
Conclusion
With the continued increase in cyberattacks within the government and public services sector and the rapid transformation to cloud, all public sector organisations need to shift their operations to keep pace.
T: +353 1 417 2348
E: cmcdonnell@deloitte.ie
W: www.deloitte.ie