The UK public sector faces an ever increasing barrage of cyber attacks every hour of every day. 尽管许多这样的攻击, 就像每个领域都发生过的攻击一样, 是完全自动化的, there’s a growing number of targeted attacks conducted by highly-skilled and well-funded adversaries.
This growth of cybercrime and state-sponsored intrusions has been on a monumental rise over the last 15 years. 随着技术的进步, become more affordable and made its way into the hands of almost everyone, the nefarious drive to use this technology for financial gain and espionage has grown proportionally.
Alongside this, the time to market for public vulnerabilities has greatly reduced.
It’s becoming more common for exploit proof of concept code to be available shortly after a vulnerability is publicly disclosed (often within hours or days). 虽然有助于确保制定适当的缓解措施, it also greatly accelerates the creation of automated exploitation mechanisms. This gives cyber criminals easy and cheap access to exploit tools that can deliver malware at scale, 通常不需要人类的互动.
The cyber security industry itself has become an industrialised economy, both through the research and sale of high value zero-day exploits and the increasingly cheaper cyber crime toolkits available on the darkweb. When cyber criminals are offering ransomware via an affiliate program and the cost of adequately protecting against attacks is far higher than it is to procure them – the public sector has a major issue.
The UK government’s response to this growing threat was clearly outlined in its 《十大正规博彩网站评级》 (2022年2月出版).
“Government’s critical functions are to be significantly hardened to cyber attack by 2025, with all government organisations across the whole public sector being resilient to known vulnerabilities and attack methods no later than 2030.”
——《全球最大的博彩平台》
Despite providing some very clear plans for public sector organisations through its Vision, 目标, Pillars and Objectives – the headline statement that all critical functions are to be significantly hardened to cyber attack in just two and a half years and all public sector organisations must be resilient to known attack in seven and a half years, 是一件很难让你理解的事情吗, 但我们是来帮忙的!
那么这些外星太空黑客呢?
Cyber security commonly gets a bad rap and I struggled to understand why, 尽管在地里干了很多年, 直到我读到这段引文 凤凰计划 作者:吉恩·金、凯文·贝尔和乔治·斯帕福德.
“They’re always coming up with a million reasons why anything we do will create a security hole that alien space-hackers will exploit to pillage our entire organisation and steal all our code, 知识产权, 信用卡号和我们所爱之人的照片.”
——比尔·帕默,《凤凰计划
It often feels like there’s 2 forms of risk: the clearly obvious and the frankly bizarre. 就我个人而言,我的注意力经常集中在外星太空黑客身上, 这是可以理解的, having spent many years of my life helping the public sector defend against some of the craziest, most inconceivable cyber security threats that you couldn’t even imagine.
然而,这并不是常态,我们并不都面临同样的风险. 正因为如此, a cyber security function can’t create a single template for doing security well, 将其推广到公共部门,收工.
Equally, there is no one silver bullet when it comes to defending against risk. 不存在零风险、完全安全的解决方案. Cyber security risk can only be understood, managed and remediated. Organisations must plan for the worst, defend for the known, then monitor and respond to the rest. 随着威胁的演变,应对措施也必须如此. 网络安全从来没有完成过——这是一种需要嵌入的文化.
为什么要做科技?
Building securely has been a key part of Made Tech’s delivery philosophy since its inception in 2008, but it’s become clear over recent years that our partners in the public sector have struggled to keep up.
影响这一点的因素有很多, 缺乏熟练的资源, budget constraints and the focus on adding features above securing the basics.
Providing a dedicated cyber security consultancy service that sits alongside and compliments our growing set of services enables us to continue in our core purpose to positively impact the future of the country by using technology to improve society, 对每个人来说.
威胁可能永远不会结束, but that doesn’t mean we want to lock you into a never-ending commitment to us as a cyber security consultant. 正如我们在技术交付方面的记录一样, 我们的方法是帮助灌输这种文化, competencies and ways of working to leave your organisation fully equipped.
Because defending the public sector from cyber attack is incredibly important, but making sure the public sector is empowered with the technology, knowledge and support to continually defend itself is Made Tech’s mission.
If you’d like to hear more from us on cyber security and the public sector, sign up for 制造技术见解 to get new blog posts and other content delivered straight to your inbox.
