How to protect the Australian public sector from cyber threats
When working with public sector agencies on cybersecurity, responsibility is proportionate to the amount of data which could potentially be compromised. Ensuring the safety of citizen’s data, as well as the uninterrupted delivery of services, requires a comprehensive and up-to-date understanding of cyber threats. In this article I will discuss the risks as well as the best practice measures Atos can help deliver in the public sector to provide citizen-centric services.
Identifying the risk
The most recent Australian Cyber Security Centre (ACSC) data tells us that cyber attacks increased by 13% within a year. With 25% of all attacks directed at critical public infrastructure, it is essential that government agencies are able to protect citizens’ data and ensure uninterruptable services for the community. ACSC advise that Australian organisations should urgently adopt an enhanced cybersecurity posture and improve their resilience within a heightened threat environment. Spread across agencies and jurisdictions, a state government needs to apply a cybersecurity plan which can offer protection on many different fronts, retaining trust from citizens, while also allowing easy access for users across platforms.
Remaining vigilant and resilient
The threat of ransomware attacks against public sector agencies in Australia is mounting. What we know about ransomware attacks is that they prey on monocultures and legacy systems. This means they have the potential to wreak havoc on established government organisations with a large, generalist IT system. Recent history has also shown that once hackers are able to find a small vulnerability, then they can get behind the defences of an organisation and access an entire system. As more devices are being used, as public service employees are working from home through the pandemic, and citizens are attempting to access their data remotely, the risk of compromise is increased.
“Spread across agencies and jurisdictions, a state government needs to apply a cybersecurity plan which can offer protection on many different fronts, retaining trust from citizens, while also allowing easy access for users across platforms.”
What Atos has been able to achieve through recent data migration projects for state governments in Australia is security at scale. Migrating existing infrastructure and applications to the cloud means a more comprehensive protection against cybercrime, because the cloud technology is constantly being monitored and updated. Once migrated, the systems are far more resilient against attack because of this ability to tweak security measures based upon threats as they are reported.
Taking affirmative actions
In departments like Health and Defence, the security of data and protection from cyber threats can be a matter of life and death. Services provided by the public sector are ultimately for the benefit of all citizens, so while migrating infrastructure to the cloud can increase protection against cybercrime by improving processes, there are also simple, affirmative actions that can be taken by citizens, and by governments to prevent cyber-attacks.
- People – educating staff and citizens in password safety, the identification of unauthorised or suspicious communication and how to exercise caution when sharing personal information.
- Processes – migration of existing infrastructure to a monitored and resilient cloud service, measures such as multi-factor identification, security questions, automatic lockouts and built-in alert systems which contact the provider when suspicious activity is detected.
- Policy – robust legislation in place at a state and federal level regarding the storage of personal data.
While this balance between security and ease of access is driven by market forces in the private sector, providing secure and accessible services in the public sector comes from a responsibility to citizens. Atos is committed to supporting this duty of care to citizens by providing the most agile and secure cloud technology to government agencies.
- Digital transformation