Ten steps to improving IT security in the public sector

Check Point Software Technologies Ltd

By Les Williamson, Regional Director Australia and New Zealand, Check Point Software Technologies
Monday, 04 March, 2024



During the past few years, the number of significant cyber attacks against Australian public sector organisations has grown markedly. Publicly reported high-profile attacks and breaches have affected Medibank, the Australian National University and the Northern Territory Government, to name a few.

The rising volume and sophistication of incidents have shone a light on the security measures in place within Australia’s public sector. It’s becoming increasingly clear that more needs to be done to ensure that IT infrastructures and data repositories can withstand attacks and that sensitive data remains secure.

Best practice suggests that there are 10 key steps public sector organisations can take that will significantly improve their overall level of IT security and mitigate much of their cybersecurity risk. Taking them now will harden defences and reduce the likelihood of future successful attacks and data breaches.

1. Improving wide-area network security

Boosting the security measures protecting wide-area networks (WANs) can deliver significant benefits for public sector organisations. Adopting Secure Access Service Edge (SASE) technology is one way to achieve this. SASE can ensure consistent policy enforcement, secure remote access and least-privileged permissions.

SASE contributes to robust security while supporting flexible connectivity and simplifying security management. It also automates certain tasks and reduces complexity for security administrators.

2. Strengthening endpoint security

Endpoints such as laptops, tablets and smartphones are widely used within organisations across the sector. However, they are often not given sufficient attention when it comes to security.

Insecure endpoints provide opportunities for cybercriminals to gain access and, through them, get to other parts of an organisation’s IT infrastructure and data repositories. For this reason, more attention should be given to ensuring all devices have the best and most appropriate security measures in place.

3. Deploying a SIEM

Security information and event management (SIEM) platforms are designed to provide context around the detection of cybersecurity threats. A SIEM collects logs from systems and security solutions across a network and places them in a centrally managed location.

As the data collected in a SIEM is aggregated from a number of different systems, the platform performs data normalisation to allow security teams to make comparisons and spot threats effectively and efficiently.
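The normalisation step described above, sketched as an added example that is not from the original article or any vendor product: two constructed log formats (an sshd-style syslog feed and a JSON VPN feed, with made-up users and documentation-range IPs) are mapped to one schema with UTC timestamps, after which a cross-source comparison becomes a few lines of logic. The field names and the detection rule are assumptions chosen for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample logs; hosts, users and IP addresses are made up.
SSHD_LOG = """\
2024-03-04T01:10:02+11:00 bastion sshd[811]: Failed password for alice from 203.0.113.7 port 50122 ssh2
2024-03-04T01:10:09+11:00 bastion sshd[811]: Failed password for alice from 203.0.113.7 port 50124 ssh2
2024-03-04T01:12:30+11:00 bastion sshd[902]: Accepted password for bob from 198.51.100.20 port 41000 ssh2
"""
VPN_LOG = """\
{"time": 1709475075, "event": "login", "result": "success", "username": "ALICE", "client": "203.0.113.7"}
{"time": 1709475300, "event": "login", "result": "failure", "username": "carol", "client": "192.0.2.55"}
"""
SSHD_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalise_sshd(line):
    m = SSHD_RE.match(line)
    if not m:
        return None  # unparsed lines are skipped here; a real pipeline would keep them
    ts, verdict, user, ip = m.groups()
    return {"ts": datetime.fromisoformat(ts).astimezone(timezone.utc), "source": "sshd",
            "user": user.lower(), "src_ip": ip,
            "outcome": "success" if verdict == "Accepted" else "failure"}

def normalise_vpn(line):
    rec = json.loads(line)
    return {"ts": datetime.fromtimestamp(rec["time"], tz=timezone.utc), "source": "vpn",
            "user": rec["username"].lower(), "src_ip": rec["client"], "outcome": rec["result"]}

def collect():
    """Merge both feeds into one time-ordered list of normalised events."""
    events = [normalise_sshd(l) for l in SSHD_LOG.splitlines()]
    events += [normalise_vpn(l) for l in VPN_LOG.splitlines()]
    return sorted((e for e in events if e), key=lambda e: e["ts"])

def cross_source_alerts(events):
    """Flag a success that follows failures for the same user and IP on another source."""
    failed = defaultdict(set)  # (user, ip) -> sources where a failure was seen
    alerts = []
    for e in events:
        key = (e["user"], e["src_ip"])
        if e["outcome"] == "failure":
            failed[key].add(e["source"])
        elif failed[key] - {e["source"]}:
            alerts.append((e["user"], e["src_ip"], e["source"], e["ts"].isoformat()))
    return alerts

if __name__ == "__main__":
    print(cross_source_alerts(collect()))
```

Neither feed shows the pattern on its own: the failures exist only in the sshd log and the success only in the VPN log, with different timestamp formats and username casing until both are normalised.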

4. Making use of cybersecurity intelligence data

Public sector organisations are able to obtain a broad view of potential threats by consulting a range of cybersecurity intelligence platforms. The platforms give organisations greater situational awareness and allow them to take a more proactive approach to security.

By being better informed about the constantly evolving threat landscape, IT security teams will be much better placed to take the steps required to reduce the chance of successful attacks.

5. Exploring opportunities for automation

The automation of certain cybersecurity tasks can make both processes and people more efficient. Automated tools can collect, sequence and analyse important data, allowing threats to be detected much more quickly. This allows security teams to be much more proactive, focusing more effort on preventing an attack and then minimising its impact.

6. Creating a consolidated security architecture

Many public sector organisations tend to have a wide variety of security tools in place; however, they are often not interoperable or the communication between them is poor. By adopting a consolidated cybersecurity architecture, an organisation can strengthen its defences while also reducing management overheads.

7. Conducting regular security training

It is still the case that end users are one of the weakest links when it comes to achieving strong cybersecurity. Clicking on a link or opening a malicious email attachment can start an attack that causes significant disruption and loss. For this reason, conducting regular staff training is vital. Everyone needs to understand the threats their organisation is facing and their role in ensuring that strong security measures are in place.

8. Paying attention to industry guidelines

There are a number of independent industry groups that have created high-level guidelines and frameworks relating to achieving effective IT security. Public sector organisations should determine which frameworks are most relevant to their operations and implement them as quickly as possible.

9. Striving for strong cyber resilience

Cyber resilience is the ability to anticipate, withstand, recover from and adapt to attacks or compromises of critical IT systems. Achieving strong resilience should therefore be a goal of any public sector organisation. This can be achieved by assessing and identifying risks, creating incident response plans, fostering partnerships and implementing data protection measures.

10. Conducting regular activities with external partners

Collaborating with other agencies and reputable cybersecurity vendors can enhance the level of security protection an organisation has in place. Understanding the experience of others can help to guide planning and spending decisions.

By following these 10 recommended steps, public sector organisations can significantly improve their levels of security protection and ability to withstand an attack. Making the effort now can reduce the chances of potentially severe disruption in the future.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd