Getting the security / risk balance right in the public sector

by Steve Singer, ANZ Country Manager, Talend

As well as causing frustration for millions of Australians, the widespread problems experienced during the 2016 census shone a bright light on the importance of IT security in the public sector.

During the census, a distributed denial of service (DDoS) attack prevented many people from filling in electronic forms with their personal details. The result was a tedious wait for citizens and significant embarrassment for those in charge.

The rise of DDoS

The census problems were far from an isolated incident as governments around the world are increasingly having to deal with DDoS attacks. According to recent research from Corero Network Security, US-based organisations were hit by an average of 237 DDoS a month during the third quarter of 2017. This represents a 91% increase compared with the first quarter of the year and highlights that this ever-popular cyber-attack remains a significant threat.

When it comes to public sector services, the damage that downtime can cause is often not just financial, but can also be in the form of restrictions to essential public services. As governments increasingly digitise services such as health and transport, it’s not hard to imagine the potential for chaos should a successful DDoS take one of these critical infrastructure networks offline.

The problem can, however be mitigated. Sophisticated real-time software can make use of big data analytics to identify and block IP addresses making repeat suspect requests. The very size of a DDoS attack’s botnet could actually work against it, providing more data to help the intelligent computer system learn to detect and stop current and future threats.

Compared with the traditional approach to mitigating DDoS attacks of preventing all connections to the service, blocking only suspect IP addresses allows the majority of users to continue accessing the network without experiencing significant disruption. Machine learning and big data processing form the essential backbone of this approach, allowing computers to bear the brunt of analysing, categorising and pattern detection of different IP addresses.

The rise of BYOD

Further security challenges are being raised for public sector organisations by the increase in Bring Your Own Device (BYOD) programs and the fact that most employees now have personal devices connected to their organisation’s network.

While the organisation itself may have robust network security, with these types of devices it is very easy for users to download confidential information then access it while connected to a different, less secure network.

While organisations can ensure they are educating their employees about the importance of not sharing confidential information over unsecure connections, it can also be useful to be able to track who has accessed which information. This is especially effective in monitoring for corporate whistle-blowers, or habitual leakers.

Data lineage technology can keep track of who is accessing, copying or changing information, while big data analytics can be used to spot erroneous activity from different individuals or groups within an organisation.

For example, if a person is channelling terabytes of data out of the organisation, or repeatedly accessing information that isn’t pertinent to them, the system can spot this and alert management. The advantage of automating this is that the system can scale to detect these types of activity across the organisation, in a way that humans cannot.

Read more: If you don’t change security policies after a data breach, when will you do it?

The growing malware menace

Public-sector organisations need only to think back to the Petya, NotPetya and WannaCry malware attacks to understand the types of chaos that ransomware Trojan horses can cause. In the United Kingdom, doctors at NHS hospitals were unable to check patient records, issue prescriptions, or order vital tests.

The sad truth is that ransomware attacks are more likely than ever before and they are increasing in both volume and complexity. Without a more advanced approach to analytics, the public-sector risks falling prey to more such attacks in future.

However, if big data and analytics is the answer to many of the cyber-security threats facing organisations today, efficient data management becomes critical. Without being able to pull together all the different data streams from a range of different servers and systems into one consistent format, analysis on this sort of large scale would be impossible. This is where a vendor-agnostic, open-source approach to data integration is a crucial part of the digitisation process for security-conscious public sector organisations.

Read more: The week in security: Record-setting DDoS highlights need for security-policy reset

It’s important that the looming threat of cyber-attacks should not deter the public sector from adopting data-driven, cloud-based technologies. After all, the potential benefits of such technologies – from centralised medical records to sensor-driven city management – are hard to overstate. 

At the same time, the new Secure Cloud Strategy issued by Australia’s Digital Transformation Agency in February this year provides the processes and framework for enable government agencies to adopt cloud more securely.

However, in the process of undertaking such a digital transformation, organisations need to ensure they are also allocating resources to security. This is vital so that the public sector is able to keep pace with innovation while also remaining flexible, dynamic and secure. 

Tags BYODtalendDDoS attacks

Show Comments