UK government to review all departments’ cyber-health yearly to mitigate threats 

The cybersecurity issue has posed increased risks to governments, citizens and businesses by exposing personal data. Since the pandemic, fewer companies invested in cybersecurity, considering the financial uncertainties at that time. Moreover, as employees were working from home, they couldn’t be protected under an organisation’s system, leading to easier access from hackers into laptops and computers. Only 68% of businesses in the UK find cybersecurity a must, compared to 80% in 2022.

This alarming situation shows that most organisations don’t believe their systems are weak until they experience a data breach. That’s also why 69% of businesses have recalled a data breach in the past month. At the same time, smaller companies faced a decrease in digital security issues, revealing that SMEs might invest more in IT compared to corporations.

What’s even more alarming is that few businesses have a sense of cyber hygiene, including properly setting passwords, having network firewalls and working on software policies. But this is about to change, as the UK government plans on checking their systems more frequently.

Mitigating cyber security by implementing more rules

The UK government approached cybersecurity guidelines in 2022 when they improved the country’s mobile and broadband networks to avoid infrastructure attacks. This year, the same institution is taking another step towards proper cybersecurity by implementing a cyber-resilience plan that would protect the establishment’s IT functions from supposed threats.

Therefore, all of its departments will be audited once a year to ensure cybersecurity norms.

The approach is called GovAssure and is provided by the Cabinet Office’s Government Security Group (GSG). Some important updates will be included in the government’s system with this update, such as measuring cybersecurity indicators, validating results with the help of third parties and approaching a more centralised IT security policy.

GovAssure has the goal to provide more visibility of the system’s common cybersecurity issues while developing clear expectations for the departments. The CEO of the National Cyber Security Centre stated that this plan will improve cyber resilience considerably in the UK.

What cybersecurity approaches has the government taken so far?

The UK isn’t mitigating cyber security for the first time. The government’s website tackles sensitive subjects such as projecting risk management for businesses to identify risks or raising awareness by training employees. A step-by-step guide to cyber security is also provided and includes numerous sides of cybersecurity, from asset management to supply chain security.

Tackling cybersecurity issues isn’t that easy. According to https://www.databreachclaims.org.uk/, data breaches are difficult to unfold, considering they can involve many types of information, such as postal addresses, personal data, BCC emails and such. Generally speaking, anything that includes a person’s identifiable information that is spread around the internet and used for illicit purposes makes the case of a data breach. GDPR documents can be used as guidelines for analysing breached data since the regulation is one of the strongest regulations in the EU.

It’s true that at the time of its deployment, GDPR made companies and users angry as well since it implies complex rules that businesses need to follow. Otherwise, they’ll be fined considerable amounts of money. Meta, for example, was fined 1.2 billion euro for Facebook’s questionable transfer of personal data from EU users to the US. The level of relocated personal data was massive, which is why Meta’s fine is one of the most considerable GDPR fines ever.

How can governments better address cybersecurity issues?

Governments have an important role in providing guidance and protecting citizens, and this can account for cybersecurity too. These institutions can approach the issue by adjusting national frameworks to adapt to current technological changes. Governments are the first who should be prepared to mitigate cybersecurity because they hold important information on their citizens.

At the same time, national establishments can increase international cooperation by connecting with countries whose common enemies are posing risks to systems. Viruses, for example, can be placed in numerous places that seem to have no particular connection but operate in similar ways. What governments of these areas can do is gather their forces, identify the risks and look for a solution that is beneficial for all parties.

But from far, the strongest thing institutions can do is to create awareness campaigns and constantly remind people of the risks present in the cyber world. There’s an extent to which governments can get involved in protecting people from problems. For example, they can’t control passwords or the way citizens use their information, but they can talk about it informally for everyone to understand the risks.

Can businesses protect themselves 100% from cyber-attacks?

Businesses are the ones who usually take customer data and use it to personalise experiences, products and services. They need to be careful with how information is stored within their systems, which can sometimes be dangerous. That’s because companies aren’t able to protect themselves 100% from data breaches and cyber issues, which is worrying. However, they can decrease the chances of experiencing such an unpleasant situation and also reduce the consequences of an attack.

For example, organisations should train their employees to be aware of their online activity, set strong passwords and not share information with someone outside the office. There are also individuals who reveal such data after they’ve no longer been employed in the business, which is a complex and uncomfortable case.

Management should also avoid giving access to all files and documents to all employees because this increases the chances of data being accessed in multiple ways. Information should be only shared with those who are directly involved in a certain project. But these practices must be discussed by the boards and implemented by management and other departments. Otherwise, companies are only propelling themselves into an endless chain of exposure to hackers.

Final considerations

The UK government has implemented another cybersecurity plan for its departments after its project in 2022 for cyber resilience. This step is important for the country to mitigate data breaches and other issues because many businesses don’t prioritise cyber security enough, leading to experiencing data violations in the system at least once per year.

Leave a Reply

Your email address will not be published. Required fields are marked *