08 January 2024

Tackling cyber vulnerabilities

Tackling cyber vulnerabilities   image
Image: SomYuZu / Shutterstock.com.

James Young, chief technology officer at Cantium Business Solutions, discusses how vulnerability management can play an important part in managing cyber security risk.

The cyber security landscape for local authorities is complex and ever evolving. Like other government entities, they face a range of cyber threats, each unique to their organisation. However, there are some commonalities such as the reliance of legacy IT systems, which may have security vulnerabilities that are not easily patched or updated, the need to protect sensitive and personal data and the prevalence of ransomware attacks.

A growing threat

The risk of a security breach has become an increasing reality for local authorities. Findings from a recent Freedom of Information request show that almost 1500 data breaches were disclosed by councils last year. While a recent report from Sefton Council highlighted that it has been fighting off over 30,000 cyber-attacks a month. Having commissioned two external reviews of its systems, including assessments by Microsoft and the Local Government Association, it found, like many other local authorities across the country, that its IT infrastructure was being targeted.

Keeping users, devices and core infrastructure up to date in large organisations, like county councils, which have thousands of employees and large amounts of IT equipment can be challenging. Vulnerability management is a critical aspect of proactively identifying and managing cyber security risk. It involves identifying, assessing, prioritising, mitigating, and monitoring vulnerabilities in the IT infrastructure to protect against potential threats. Effective vulnerability management not only reduces the attack surface of an authority’s systems and applications, but it also makes it more challenging for attackers to find and exploit vulnerabilities.

Proactive defence

With hundreds of vulnerability instances happening across the IT estates of local authorities, manually identifying threats takes a long time. Especially when environments have grown in complexity over the years and more layers of IT have been added and not sufficiently managed. To minimise the risk of unauthorised access to sensitive data, it’s important that local authorities control and monitor access to devices, systems, and data for employees throughout their employment lifecycle, as well as assess incoming threats. Ideally, local authorities need clear visibility of their vulnerabilities, and a measure in place that prioritises them in the order they need to be remedied to make the biggest impact.

Vulnerability management platforms offer a wide range of benefits for local authorities looking to enhance their cyber security posture and protect their IT infrastructure. Not only do they provide a comprehensive view of the IT environment, including devices, applications, and services, but this level of visibility also helps IT teams to understand their attack surface and identify any potential vulnerabilities.

For in-house IT professionals this frees them up to focus on more strategic and proactive tasks, such as delivering new functionality or effectively maintaining the IT estate. By deploying a platform that continuously monitors for vulnerabilities in real-time, the need to carry out manual assessments is reduced, speeding up the vulnerability discovery process, so that local authorities can stay vigilant against evolving threats and emerging vulnerabilities. The ultimate goal of a vulnerability management platform is to reduce the authority’s overall cyber security risk by identifying and mitigating vulnerabilities before they are exploited.

Breaches can be expensive and managing vulnerabilities can lead to cost savings in various ways, such as reducing the need for incident response, litigation, and regulatory fines associated with breaches. It also avoids the expenses of patching systems after an attack. By streamlining the vulnerability assessment process and prioritising risks, local authorities can use these platforms to help save time and reduce the costs associated with cyber security efforts.

Keeping information safe and secure

Vulnerability management is an ongoing process that requires a proactive approach and a commitment to maintaining a strong cyber security posture. It’s a fundamental and integral part of a robust cyber security strategy and increasingly important for local authorities given the sensitive information they hold and the prevalence of attacks.

Implementing a robust vulnerability management program helps local authorities to protect their IT assets and the sensitive data they manage. It’s not just about managing vulnerabilities effectively, enhancing overall cyber security posture can help maintain the trust and confidence of the public and partners, whilst also ensuring the organisation is meeting compliance requirements.

High profile breaches serve as a reminder that whenever an organisation has valuable data, cyber criminals will attempt to steal it. There are many ways in which data breaches can occur, but having visibility is the first line of defence to help local authorities identify and address weaknesses in their IT infrastructure before cyber criminals can exploit them.

SIGN UP
For your free daily news bulletin
Highways jobs

Activites Assistants (CASUAL)

Durham County Council
£24,404 (12.65 p.a. hour) - £25,183 (£13.05 p.a. hour)
This is an exciting opportunity for Casual Activities Assistants to join our Leisure and Sport Service.   Leisure Centres are
Recuriter: Durham County Council

Pension Administration Officer

Durham County Council
£24,404 to £25,183 p.a. (Grade 3) Pay award pending
A vacancy has arisen within Pension Services for an Administration Officer to provide admin and data support to the pensions team and members of the L Durham
Recuriter: Durham County Council

County Attendance Officer

Oxfordshire County Council
£37035 - £39513
We are seeking to recruit to the role of County Attendance Officer on a permanent basis to work predominately across the North or the South of the county. The team works across the whole of Oxfordshire so flexibility to work in other areas is also require County Hall, Oxford
Recuriter: Oxfordshire County Council

Software Engineer Starter

West Northamptonshire Council
£26914
We're looking for an exceptional human to join our digital team to learn the skills and put them into practice, designing, developing and maintaining websites, mobile apps & AI. You'll join us on our journey as we create better end-to-end services for our Northampton
Recuriter: West Northamptonshire Council

Executive Director - Growth, Enterprise and Environment

Redcar & Cleveland Borough Council
£139,111.00 (pay award pending)
This is a chance to make a significant difference to the lives of families across our borough – and to seriously improve your quality of life. Redcar and Cleveland House, Kirkleatham Street, Redcar, TS10 1RT
Recuriter: Redcar & Cleveland Borough Council
Linkedin Banner