Connected Citizens: Is a lack of trust the biggest assault on ‘digital by default’?


On the surface of it, this drive to make every government service available online is a win-win situation for service providers and citizens alike.

For public bodies, the speed and efficiency of digital services are estimated to lead to savings of around £1.8 billion a year [1].

Meanwhile, with the vast majority of the UK population already online [2], access to these services at any time of day will benefit citizens too.

Research by Ofcom suggests that UK adults spend on average 14.2 hours a month on the internet [3]. There are also around 650 transactional government services already available online. As such, you would expect a high level of digital service use.

In fact, the opposite is the case. According to the Government’s own digital strategy, “There is only a handful of these services where a significant majority of people who could use the online option do. Many have a digital option but few people use it.” [4]

So why is this the case?

Opinion Paper Connected Citizens

From April 2014 onwards, every new or redesigned government service is expected to meet the standards set by the Government Digital Strategy.

The idea behind it? That UK government services will soon become ‘digital by default’.


[1] https://www.gov.uk/government/collections/government-digital-strategy-reports-and-research
[2] https://www.gov.uk/government/collections/government-digital-strategy-reports-and-research
[3] http://consumers.ofcom.org.uk/2010/08/tv-phones-and-internet-take-up-almost-half-our-waking-hours
[4] https://www.gov.uk/government/collections/government-digital-strategy-reports-and-research


Available figures show that 2012 was far from a golden year for public sector data management. Fines handed out to government bodies and organisations by the Information Commissioner’s Office (ICO) had more than doubled from 2011, rising from £1.17 million to £2.6 million.

In 2013, we surveyed 3,000 consumers about the level of trust they placed in local and central government departments to safeguard their personal information [5].

The results were clear. Central government organisations have seen their ‘trust score’ fall from an average of 3.18 in 2003 to just 2.79 last year. The decline in trust for local government matches this almost point-for-point - from 3.14 a decade ago to 2.77 more recently.

While this outlook may be bleak enough by itself, of particular note for the public sector should be the sharp decline in those citing “implicit trust”. Fourteen per cent of consumers said they had full confidence in central government to protect their information in 2003, followed closely by 13% in local government; only banks were trusted more at this point in time. In late 2013, those figures stood at just 6%. Little wonder that 91% of consumers said government could be doing more to protect consumer data.

These findings suggest that building, or rebuilding, trust in government services through data security is imperative. But this task takes on even greater significance when you consider the potential risk to national security.

Protecting the country

According to Cabinet Office Minister Chloe Smith [6], the UK Government faces around 33,000 cyber attacks each month from sophisticated criminals and state-sponsored groups. Malicious threats have to be blocked on a daily basis as “ever more innovative” ways are devised to threaten national security.

The National Security Strategy has even gone as far as categorising cyber attacks as a Tier One threat to our national security, alongside international terrorism.

The issue is that many existing digital government services are simply not built to prevent such attacks. They are either too old or have been left undefended – all of which means the back door could have been left open to cyber criminals who can attack systems or steal citizen data while working with anonymity from afar.

As cyber criminals become more sophisticated, the gap widens between external threats and internal defences, creating a ‘cyber chasm’.

Crossing the cyber chasm

The Government recognises this, however, and has put on record its commitment to making the UK the safest place to do cyber business.

To combat cyber threats Whitehall is investing in major initiatives to protect government services. However, the man overseeing the strategy to defend the UK’s computer systems from attack, Francis Maude MP, Minister for the Cabinet Office, freely admits that cyber security is a “never-ending battle” and described the fight against cyber crime as “work-in-progress”.

All of which means increasing pressure on both central and local government bodies to make security a key concern now and into the future.


Trust is a major issue.

Perhaps the major obstacle is a distinct lack of trust in government’s ability to protect our personal information.

[5] DataHeaven or DataGeddon? Fujitsu, 2013
[6] http://www.independent.co.uk/news/uk/politics/government-faces-around-33000-cyber-attacks-a-month-reveals-cabinet-office-minister-chloe-smith-8584636.html


What can government bodies do?

At Fujitsu we advise central and local government organisations on how to improve security. The first thing we explain is that crossing the ‘cyber chasm’ requires ongoing effort. It is not enough to put in place a security policy. It must be put into action.

Public sector bodies must also gain the skills required to tackle emerging threats. This requires a commitment and an understanding from senior management.

We tell our clients to follow five key steps to reduce the gap with cyber criminals and protect citizen data:

1. Invest the time to know your risks
2. Be clear about what you are protecting
3. Know what you are protecting against
4. Train and educate your people
5. Keep up-to-date with everything - technology, people & processes

Ignoring even these simple actions could mean more citizen data in the hands of criminals or terrorists, a cyber chasm that grows wider every day and the failure of the entire ‘digital by default’ initiative.


Ref: 3488. Copyright © Fujitsu Services Ltd 2011. All rights reserved. No part of this document may be reproduced, stored or transmitted in any form without prior written permission of Fujitsu Services Ltd. Fujitsu Services Ltd endeavours to ensure that the information in this document is correct and fairly stated, but does not accept liability for any errors or omissions.

Contact us on: Tel: +44 (0) 870 242 7998 Email: [email protected]: uk.fujitsu.com

Start with Secure Thinking. Get a FREE Fujitsu Information Security and Risk Assessment. Contact the team at Fujitsu on: 0870 242 7998 or visit uk.fujitsu.com/securethinking

5. Keep up-to-date on everything!

Cyber threats are constantly evolving, meaning it’s not adequate to simply ‘fit and forget’. It’s essential to keep all defences up to date. Many organisations fail to refer to security risk assessments to identify the people, processes or technology that need to be brought up-to-speed. The result is that gaps start to creep in.

ACTION: Know your risks and ensure your security matches your organisation’s data protection obligations.

1. Invest the time to recognise your risks

Cyber criminals target complacency. An organisation might not understand the full risks or think there is nothing worth targeting. It is this mindset that leaves it vulnerable to attack from a range of vectors:

  • Advanced persistent threats
  • Malware
  • Loss of data
  • Cyberstalking
  • Phishing scams
  • Identity & access management
  • Fraud or identity theft
  • Computer viruses
  • Denial-of-service attacks

ACTION: Get a complete risk assessment of your Cyber Security to understand the risk of every potential attack.

2. Know precisely what needs protecting

Once you know the risks you will know what you need to protect. This does not have to be a costly process. It is all about developing a plan that covers cyber security across every area of your organisation: from your people and your processes to your technology.

[Diagram: INFORMATION SECURITY AND RISK ASSESSMENT. PEOPLE, PROCESSES, TECHNOLOGY. TRAINING, COMMS, SKILLS, GOVERNANCE, POLICIES, CONTROLS, NETWORK, DATACENTRE, STORAGE, APPLICATION.]

ACTION: Analyse your infrastructure through an audit and allocate a sliding scale of resources according to the potential impact on the organisation.

3. Be clear what you are protecting against

Anti-virus and URL filtering used to be sufficient protection from cyber attacks. Not anymore. The increasing sophistication of targeted attacks has changed everything. Today’s advanced attacks occur in seven stages that can result in the theft of your data. But are your defences ready?

ACTION: Look for evidence of advanced threats or data theft and take preventative measures to protect the organisation from future attacks.

What should you be looking out for? Stages of advanced threats & data theft

1. RECON: Gather online information to build targeted lures
2. LURE: Two types: email and web
3. REDIRECT: Funnels and sends the user to a hidden server.
4. EXPLOIT KIT: User’s system is inspected for an open vulnerability
5. DROPPER FILE: If vulnerability exists, malware dropper file is delivered.
6. CALL HOME: Calls home for more malware to expand attack
7. DATA THEFT: Cybercrime reaches out into internal systems for data to steal.

4. Train your people to recognise the threats

A report by the National Audit Office claims the IT security skills gap will take up to 20 years to close, leaving the UK vulnerable to regular attacks. Public and private sector organisations must train staff to follow security policies and procedures and provide them with the essential skills to tackle cyber crime. More than that, senior management must invest the time in understanding the risks and what investments to make.

ACTION: Understand which skills already exist and which ones are missing and then create a programme of staff training for all levels of the organisation.

Trust in the ability of government organisations to protect citizen data is at an all-time low.

Fujitsu presents: 5 practical ways you can start to protect citizen data.

Source: National Audit Office & Information Commissioner’s Office

44m: cyber attacks in 2011 in the UK

£2.6 MILLION: Fines handed out by the ICO to government organisations in 2012

80%: Proportion of cyber attacks that could be prevented through simple computer and network ‘hygiene’

80%: Number of councils that experienced a security breach in 2012

Those with ‘implicit trust’ in central government to use data securely: 14% (2003), 6% (2013)

Source: Fujitsu Source: Clearswift

Working together with expert security partners:

Connected Citizens: 5 ways to protect citizen data.

The question is: Are you taking them seriously?

Meanwhile, cyber attacks are on the increase.