techUK's Government Group is our thriving community of 500 tech suppliers to Government. The group is composed of companies of all sizes, from new entrants to some of the biggest companies in the world. Group members receive our govtech market intel, and opportunities to engage with Government to understand their requirements and explore how tech can help meet them. If you're a techUK member working with Government to transform the delivery of our public services then this is the group for you.
CyberArk: Addressing Cyber Debt In The UK Public Sector
The drive towards digitalisation has long been an ambition widely held within the UK government. With the advancement of technology and the continuing rollout of projects such as hybrid work across the public sector, the government’s far-reaching Digital, Data and Technology (DDaT) strategy was strengthened by commitments made during the 2021 Comprehensive Spending Review.
As society continues to embrace an always-on culture, demand for online citizen services is being further driven by government promotion of “digital by default” policies and the persistent push to provide more with less. The public sector IT estate is vast, as are the costs to maintain it. Legacy systems, many of which lack interoperability and scalability, were already struggling to cope with workloads that they were never designed to handle prior to the advent of the COVID-19 pandemic.
In early 2020, as the first effects of the crisis began to be felt, the necessity to ensure continuity of services brought some of these issues into sharp relief. As the country locked down, organisations were forced to rapidly implement home/hybrid working solutions.
Demonstrating exemplary levels of agility and resilience, departments right across the public sector swiftly adapted to new ways of working – in many cases far more swiftly than would normally have been anticipated. Technology played a huge part in affecting the transition. In keeping with wider government policy, services were quickly migrated to the cloud. Emerging technology solutions such as robotic process automation (RPA) were increasingly adopted. However, in fulfilling the urgent requirement to rapidly transition to new digital models, organisations have not prioritised cybersecurity to the same degree. Because of this, gaps in security have been created, leaving systems exposed and potentially vulnerable to attack.
The public sector has seen the transformational power of applying the right DDaT strategies. However, their application has shone light on a number of systemic frailties. Failure to ensure security is implemented at the outset of a project creates cyber debt, where investments focused on driving operations and growth has outpaced the tools that should secure them. It leads to organisations constantly having to catch up. By getting it right the first time, such problems are avoided. Security must always be included when deploying new systems.
Something of an IT arms race is underway. Our adversaries are motivated, agile and technologically sophisticated. Cyber-attacks grow increasingly more complex in nature and have the potential to inflict very severe harm on the networks, data and services upon which the nation relies. The threat landscape changes constantly, evolving as hostile actors continually probe for weaknesses.
While no two IT landscapes are the same, attackers will frequently attempt to penetrate security by seeking vulnerabilities in privileged accounts. Research conducted by Forrester indicates that 80 per cent of breaches involve privileged access abuse. Breaches often follow a four-step pattern. Initially, an attacker will seek to gain unauthorised access to privileged identities. Once this has been established, they will move both laterally and vertically through the network in search of high-value targets before using elevated privileges to achieve their goals, such as theft of data, intellectual property, or disruption of service.
Innovative technologies are undoubtedly central to the transformation we are seeing at all levels of government. Yet we inhabit an uncertain world. As the threat grows and changes, as those who would harm us seek to reap nefarious benefits from technological gain, the need for vigilance must be uppermost in the minds of digital leaders throughout the public sector.
In order to fully benefit from transformation over the long term, cybersecurity needs to be a central pillar in any major IT or digital programme and not an afterthought.
To read more from #techUKDigitalPS Week, check out our landing page here.
Dan Lattimer is director, EMEA government and defence at CyberArk, having led the UK and Ireland sales team for several years previous to this. Dan specialises in helping large public sector organisations deliver security and digital transformation initiatives. Typical projects in these areas include reducing risk to critical data and assets, securing the supply chain, enabling secure change management and safeguarding the journey to the cloud. To learn more about Dan, please connect with him on LinkedIn.
On Tuesday 5 April, techUK was delighted to host the Cabinet Office and industry representatives for the launch event for the UK Government’s Digital, Data and Technology Sourcing Playbook which was published on 28 March 2022. The DDaT Sourcing Playbook sets out guidance – in one place – as to how digital projects and programmes are assessed, procured and delivered in central government departments, arms-length bodies and the wider public sector. Through the application of what is commercial best practice, the Playbook addresses 11 key policies and six cross-cutting priorities that will ensure government gets things right from the start when it comes to procurement.
You can watch the recording of the launch event in full here:
Join our Government Group
All techUK's work is led by our members - techUK members can keep in touch or get involved in our work by joining our Government Group, and stay up to date with the latest events and opportunities in the programme. Scroll down to view recent insights, and upcoming events and opportunities.