Coming in the midst of Brexit, a worsening pandemic, and the drama of the US elections, a Russian cyber-attack on the US public sector barely made headlines in late 2020. Yet the story was huge – “a serious compromise that will require a sustained and dedicated effort to remediate” according to the FBI, the National Security Agency and the Office of the Director of National Intelligence. What made the story newsworthy was not that the attack happened, but how successful it was.
There’s no doubt that the threat from cyber-criminals and hackers is real. The question that public sector organisations need to ask themselves is when – not if – an attack will come. However, many organisations stretched their finances adopting cloud technology in 2020 and are now faced with the difficult choice of balancing tight budgets with the need to adopt the latest security systems.
Russians hacked into 250 US federal agencies and businesses in 2020
It’s worth noting at this point that moving data and workloads to the cloud isn’t by itself a guarantor of security. Though data may be secure in a cloud database, it is still at risk while in transit between different users and organisations. It can also be vulnerable when at rest – for example when it is being accessed by an end-user. To keep data fully secure, Public Sector organisations need to look at the whole threat landscape – not just at their data storage solution.
The problems with traditional, on-premises security systems
One of the biggest problems that Public Sector organisations face in maintaining security is finding the human resource. Most large organisations rely on some form of Security Information and Event Management (SIEM) software. SIEM helps to monitor the threat landscape by collecting data from the organisation’s technology infrastructure – from host systems and applications to network and security devices such as firewalls and antivirus filters. The SIEM software then categorises and analyses security events, provides security reports and sends alerts highlighting any unusual activity. Managing security using SIEM software is not a passive process, however. It requires constant attention from a dedicated IT team with specialist skills.
The addition of Security Orchestration, Automation and Response (SOAR) software can help, by automating and managing some of the more time-consuming, manual tasks. However, getting the full benefit from a SIEM and SOAR solution still requires a dedicated IT security team with a high level of expertise – which many Public Sector organisations simply cannot afford.
Another problem with a traditional on-premises SIEM and SOAR solution is the upfront cost. For a large organisation, the initial software and hardware costs can easily add up to £200,000. And, as with any on-premises solution, there are issues of future-proofing and scalability. With the speed at which technology evolves in the 21st century, any large hardware upgrade runs the risk of becoming obsolete before it has earned its keep.
Why is a Security Operations Centre Important?
A data breach can be costly: the latest UK estimates put the cost at millions each year. That is without counting the reputational damage, which can be even harder to recover from.
[Infographic: UK organisations that identified cyber security attacks in 2019; organisations compromised via email; organisations that performed a cyber risk assessment in the last 12 months]
Why cloud-first security solutions are the only way forward
Luckily, there is an alternative that can provide the benefits of SIEM and SOAR without the upfront investment or a dedicated team of IT security specialists. A cloud-first security system enables organisations to access all the analytical and organisational abilities of SIEM and SOAR without the upfront investment in hardware. The software is hosted virtually, in the cloud.
One immediate benefit for Public Sector organisations is the lack of upfront costs. Another is the ability to scale up and down when needed. There’s no need to oversize your initial solution to allow for growth. You simply pay for what you need, when you need it. And as with many cloud-first solutions, the immediate selling points are just the starting point. A cloud-first security system is not only the most affordable solution – it is the most effective, too.
Microsoft’s Azure Sentinel is a classic example of a large-scale cloud-first solution that can offer dramatic improvements to your security. Whereas an on-premises SIEM solution analyses the threat landscape based on your own data alone, Sentinel has access to trillions of operations across the globe – giving it much more information to work on. An on-premises SIEM, for example, might detect that malware has come from a phishing email – and then take action to block that email from other machines. Thanks to Microsoft’s access to large-scale cloud data, Azure Sentinel would almost certainly have detected and blocked the threat before it even reached your organisation.
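To make the SIEM/SOAR workflow described above concrete, here is an added illustration (not code from the page, from ElysianIT, or from Azure Sentinel) of the two halves of the phishing scenario: a SIEM-style correlation that ties an endpoint malware verdict back to the email that delivered the same attachment, and a SOAR-style playbook that blocks the sender and lists the other recipients whose copy should be quarantined. All event records, hashes and addresses are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources a SIEM would ingest:
# the email gateway and the endpoint antivirus. Not real data.
EMAIL_EVENTS = [
    {"ts": "2020-12-14T09:00:00", "sender": "invoice@example.test",
     "recipient": "alice", "attachment_sha256": "aaa111"},
    {"ts": "2020-12-14T09:02:00", "sender": "invoice@example.test",
     "recipient": "bob", "attachment_sha256": "aaa111"},
    {"ts": "2020-12-14T09:05:00", "sender": "newsletter@example.test",
     "recipient": "carol", "attachment_sha256": "bbb222"},
]
AV_EVENTS = [
    {"ts": "2020-12-14T09:10:00", "host": "alice-pc", "user": "alice",
     "file_sha256": "aaa111", "verdict": "malware"},
]

WINDOW = timedelta(hours=1)  # how far back to look for the delivering email


def correlate(email_events, av_events, window=WINDOW):
    """SIEM-style correlation: link each antivirus malware verdict to an
    email that delivered the same attachment hash to that user inside
    the time window. Returns one alert per (verdict, delivering email)."""
    by_hash = defaultdict(list)
    for mail in email_events:
        by_hash[mail["attachment_sha256"]].append(mail)
    alerts = []
    for av in av_events:
        if av["verdict"] != "malware":
            continue
        for mail in by_hash.get(av["file_sha256"], []):
            delta = datetime.fromisoformat(av["ts"]) - datetime.fromisoformat(mail["ts"])
            if timedelta(0) <= delta <= window and mail["recipient"] == av["user"]:
                alerts.append({"hash": av["file_sha256"], "sender": mail["sender"],
                               "host": av["host"], "delivered_at": mail["ts"]})
    return alerts


def playbook(alerts, email_events):
    """SOAR-style automated response: for each alert, block the sender and
    the attachment hash, and list every recipient of the same attachment
    so their copies can be quarantined before they are opened."""
    actions = []
    for alert in alerts:
        recipients = sorted({m["recipient"] for m in email_events
                             if m["attachment_sha256"] == alert["hash"]})
        actions.append({"block_sender": alert["sender"],
                        "block_hash": alert["hash"],
                        "quarantine_for": recipients})
    return actions
```

Run `playbook(correlate(EMAIL_EVENTS, AV_EVENTS), EMAIL_EVENTS)` to see that the single malware verdict on alice-pc produces a block for the sender and hash and a quarantine list covering both alice and bob, while carol's unrelated attachment is untouched.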
Compared to setting up your own on-premises security system, getting started with Azure Sentinel is relatively simple. Everything is already set up in the cloud and you just pay for what you need. However, as with on-premises SIEM and SOAR systems, you still need to have a dedicated team in place to manage it. For this reason, many Public Sector organisations with limited resources would benefit from going a step further than cloud-first security and opting for managed security services. With a trusted partner handling your cyber-security, you get all the benefits of a cloud-first product like Azure Sentinel without having to worry about resourcing.
25% of Public Sector security leaders do not feel confident providing security training materials or sessions
If not now, when?
Intelligent Security – Working with ElysianIT
Cyber-attacks on the huge scale that Russia inflicted on the US in late 2020 may be unusual – but the threat from cyber-criminals is real. Public Sector organisations cannot afford to wait before upgrading to the latest security systems.
We work with a number of high-profile clients who not only have the usual business challenges in governing and securing their estates, but are specifically and actively targeted due to the nature of their work. These organisations also have very strict data governance and management requirements. They work with us on a multi-layered security approach, for which we provide continual strategy and guidance delivering measurable results.
Defend today – secure tomorrow
‘Assume Breach’ Operation
The ElysianIT Cyber Security Workshop explores your current cyber-security situation, ascertains where you want to be and discusses how you can close the gap between the two.
As an exploratory workshop, this will help you understand your cyber-security challenges and presents the solutions and options available.