By AJ Thompson, CCO at IT consultancy Northdoor plc
Third-party IT consultants can supplement internal teams allowing for a comprehensive view of where vulnerabilities lie.
Public sector organisations in the UK are facing an increasingly severe threat of advancing cyberattacks, such as ransomware, phishing and distributed denial-of-service (DDoS) attacks.
Cybercriminals are not only targeting personal and financial data to sell on the dark web, but they are also targeting critical systems in order to disrupt essential services, posing a serious risk to public safety and national security.
Cybercriminals view the public sector as a valuable target for both financial gain and political leverage from nation-state hackers. Legacy systems, budget restraints and a lack of training has meant that cybercriminals are taking full advantage of human errors and system weaknesses.
In 2024 research from the National Audit Office (NAO) found that 58 independently assessed critical government IT systems had major discrepancies in their cybersecurity posture, with 228 legacy IT system being described as vulnerable to cyberattacks.
The report also found that between 2023-24, one in three government cybersecurity roles were vacant or filled with agency staff, with more than 50 percent of cyber roles in many departments left empty. Budget restraints were again cited as a major barrier to hiring and retaining people with cybersecurity skills.
Organisations in the public sector are being attacked from all angles. A recent Freedom of Information request (FOI) revealed that HMRC blocked 23.7 million malicious emails between November 2021 and October 2022. This rose to a staggering 40.3 million between November 2022 and October 2023. A further 40.9 million emails were also blocked in the following 11 months. Overall, 105 million emails were intercepted by HMRC over a three-year period, demonstrating the perseverance of cybercriminals.
In healthcare, the Synnovis ransomware attack on 4th June 2024, caused widespread disruption to NHS services in London, with 10,152 acute outpatient appointments and 1,710 elective procedures postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust. Figures also show a hypothetical cyberattack focused on key energy services in the South East of England could wipe a staggering £49 billion from the wider UK economy.
In October 2023, the British Library was hit by a cyberattack attack by the supposedly Russian-backed Rhysida ransomware gang that compromised most of its online systems. Rhysida exfiltrated data, encrypted or destroyed substantial portions of the library’s servers and forcibly locked out all users from the network. The gang broke through the library’s virtual private network (VPN) and the lack of multi-factor authentication on this server is thought to have contributed to the attackers’ ability to gain entry.
The British Library’s legacy systems allowed attackers wider access than a more modern infrastructure would have allowed. Manual data transfer processes between older systems also increased the volume of sensitive data exposed on the network. The library’s legacy systems was also the reason for its extended recovery time, highlighting the importance of continual investment in modern infrastructure.
AJ Thompson, CCO at Northdoor plc, explains: “The protection of the public sector is critical as the UK faces new and relentless cyberattacks on national infrastructure. Whereas HMRC was able to intercept 105 million emails over a three-year period, budget restraints, legacy systems and the lack of training means that many public sector organisations do not have the resources to counter a cyberattack. This can have devastating impact on government organisations, public services and people’s lives.
“Cybercriminals are targeting the public sector from all angles and the attacks on HMRC, the NHS and the British Library is a perfect example of how cybercriminals are exploiting human error and system weaknesses. The public sector holds valuable, sensitive data and has always been an attractive target for cybercriminals looking to disrupt essential services and sell data for profit.
“Budget restraints have meant that some public sector organisations have significantly cut back on their work to build a robust cybersecurity posture. This could increase the severity of an attack when it happens and extend the time and cost it takes to recover. For example, the British Library has already spent £600,000 rebuilding its services and expects to spend much more as it continues its recovery work.
“As threats become more sophisticated, investment in both modern technology and expertise will be crucial to protecting government operations. The key to keeping the back-door locked is having an overview of the possible vulnerabilities that lie within your systems. For most public sector organisations who are facing financial pressures and a noticeable skills gap, this seems like an impossible task.
“Experienced third-party IT consultants can help to bridge the gap by ensuring that current employees have the skills and training to detect, respond and communicate cyber risks effectively which is essential for long-term cyber resilience.
“With internal teams struggling with the workload, many are turning to qualified third-party Security Operations Centres provided by IT services consultancies. Third-party IT consultants can provide a 360-degree, 24/7 overview of public sector systems. They have teams of experts who can supplement internal teams allowing for a comprehensive view of where vulnerabilities lie. This then allows public sector organisations to have urgent conversations and shut down vulnerabilities before they are exploited by cybercriminals,” concluded Thompson.
