The research with 1,000 public sector employees, revealed that almost half of respondents (47%) have either not heard of, or do not know what ransomware is, with 42% not having heard of, or what two-factor authentication (2FA) is. This lack of cyber security awareness is compounded by a lack of training – 77% of respondents have been given no instruction in how to recognise ransomware, while 16% have had no cyber security training whatsoever and 13% just once.
“The public sector has seen significant developments since WannaCry but these findings suggest that there is still progress to be made,” said Alyn Hockey, VP of Product Management, Clearswift, a HelpSystems Company. “As we’ve seen the volume and variety of cyber-attacks increase, especially during the coronavirus lockdown period, it’s an on-going fight for the public sector to stay protected and constant and incremental improvements are the key to success. The right technology is important of course, but of equal value is ensuring that employees are fully aware of cyber security best practice and that the right processes are in place to mitigate the risk.”
The research, ‘The Unknown Threat – Cyber Security in the UK Public Sector’ revealed that public sector employees were not all using the most up-to-date operating systems that help defend against cyber-attacks. 11% still use Windows 7 and 6% still use Windows 8, a key area of vulnerability if those systems have not been updated with the latest patch, as was the case with WannaCry. There is also a lack of access to experts who can advise on what to be aware of regarding cyber security - 68% say there is no dedicated cyber security expert in their organisation and only 12% have communicated with a cyber security expert in the last six months.
This is all compounded by working habits that can also leave the organisation more vulnerable to an attack. These include using unsecure file-sharing systems such as Dropbox or WeTransfer at least once a day (25%); personal USB sticks at least once a week (38%); checking personal email several times a day (51%) and using unauthorised devices at least once a day (33%).
However, there was more encouraging news should a public sector employee suspect they had become the victim of a cyber-attack at work. A majority of respondents (84%) said they would know what to do if that happened.
With the coronavirus crisis bringing increased cyber-attacks alongside many public sector workers working from home, the current period is an opportune time to address security vulnerabilities. Even as we gradually emerge from the pandemic, local government and the wider public sector is under pressure to maintain public services whilst also remaining secure, so it’s right to think about how that could be achieved.
“The UK public sector has put in place many of the processes required to defend against ransomware and other cyber-attacks,” continued Alyn Hockey, Clearswift. “But recent events have demonstrated a clear need for more cyber vigilance and it’s an on-going battle in defending the public sector against cyber crime. Communicating clearly about the dangers of ransomware and updating legacy operating systems would be a great start, ahead of a broader look at overall cyber security strategies.”