Securing business data

White Paper Article

As a public sector organisation, how do you achieve true cyber security? Islington Council have found the answer!

by Giulia Foss | 20 Jul 2017

City under attackAccording to a government report, from the Department for Culture, Media and Sport, in the UK alone as many as 46% of companies suffered from a cyber attack or breach of their computer systems last year compared with just 24% the year before. Yet this figure may represent the tip of the iceberg with many companies truly unaware of the amount of attacks they have suffered. Other reports show that in the UK ‘97% Businesses experienced a data breach in the past five years’ (2017, Cyber risk challenge, Lloyd’s)

Under attack

The WannaCry NHS attack is the latest in a string of high profile cyber-attacks that have crippled both public and private institutions, and it is unlikely to be the last unless organisations become savvier. The reality is cyber-attacks represent one of the biggest threats to sovereignty, economy, privacy and many other things that haven’t necessarily even considered. The impact of an attack is far ranging and the implications are huge. An attack that affects public sector entities could even result in loss of life!

Off the shelf ‘solutions’

If public (&private) bodies are to avoid the threats posed by cyber-attacks it’s key they take a proactive approach. Organisations all too often think that an of the shelf solution will protect them against cyber threats, this is a common misconception and it’s the reason attacks as the like the NHS WannaCry breach have had such a huge impact.

Knowing when an attack happens

Something that a lot of people are unaware of is that Attacks are constant and the average breach goes undetected for 229 days. According to Forbes research, once an incident is discovered, it often takes months for security to investigate the overall damage and sheer size of the cyber-attack. This ultimately prolongs response time and resultantly has led to a devastating $3.5 million average breach cost for businesses in 2014. Software solutions alone are fallible and act as no defence against the true threat of a cyber-attack.

For public sector bodies this is especially true, alert monitoring and analysis on the basis of a piece of software is a challenge for many resource-strapped local authorities. With a growing number of systems to monitor, it is all too easy for security teams to become overwhelmed with alerts – many of which may be irrelevant.

Taking a holistic approach

Intelligence led monitoring is the only effective way to proactively detect an attack, add to this full compliance and governance and you’ve got it nailed!

Sometimes treated with less importance, governance is actually the key player when it comes in the difference between safety and security and complete vulnerability, particularly in regard to public sector bodies, of which even the most basic have to comply with over 40 separate laws for managing information.

The most plausible reason for outage of NHS services during the WannaCry was ultimately down to the mandate to switch computers off as a way of trying to protect data in the absence of knowing the correct response. Something that governance and compliance takes care of.

Cyber security vs Public sector budgets

Putting these measure in place can  seem like an impossible feat particularly with shrinking budgets, resources and a gap in cyber security expertise. And although tackling such a huge threat may sound costly, the reality is the savings of implementing a comprehensive ongoing strategy are immeasurable. This is something that Islington Borough Council discovered upon engaging with CNS Group.

How Islington Borough Council and CNS Group are protecting quarter of a million residents and saying ‘no’ to security breaches

Islington Borough Council provides services such as housing, social care, health, transport and leisure, to approximately 216,000 inner London residents.  As a public sector organisation, Islington must protect a large and disparate data store of around 300 terabytes of confidential and sensitive information. The Council has to meet all the regulatory and statutory compliance requirements placed upon it by government and also to maintain its connection to the Public Services Network (PSN). 

CNS Group were selected by Islington as one of the most experienced and advanced cyber security companies in the industry in order to provide a solution which would allow them to become impervious to cyber threats.

“CNS Group’s breadth of public sector experience and accreditations, excellent technical and project management teams and proven delivery to organisations like Islington gave us great confidence in their managed services” says Patrick McCarty, Project Lead, Islington Borough Council.

Islington Borough Council - Choosing the right partner to fight the threat

Islington evaluated the Mosaic Comply and Secure (HMG) service as a way to comprehensively log, track, and analyse user and system activity, whilst eliminating the technology and resource burden of building, configuring, maintaining, and monitoring an in-house data collection solution.

The service is now fully operational and CNS analysts are monitoring Islington systems on a 24/7/365 basis, working to agreed parameters. The team liaises with council staff to determine whether a security event represents suspicious activity and should be considered a threat.  If this is the case, the CNS analyst notifies the assigned Islington contact, irrespective of the time of day.

Click here to register for your free security & compliance consultation

Click here to read the full Islington Borough Council case study

*All CNS consultants that provide the Comply and Secure service are certified professionals with SC clearance and have been either Non Police Personnel Vetted (NPPV) or Management Vetted (MV).

call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere