Leading from the Front

By Richard Giblin | 23 November 2016

Data breaches and cyber-attacks have become almost a way of life for the UK’s local authorities today. The number of incidents reported to the Information Commissioner’s Office (ICO) soared 44% between Q1 and Q2 this year. Today, it’s clearly not a case of ‘if’ but ‘when’ organisations are hit. But the focus is still primarily on preventing external threats. In reality, there’s a much bigger and harder-to-contain risk associated with those who already have privileged access to your network: your employees.

IT leaders therefore need to refocus on controlling the insider threat. And the service desk is the prime candidate to lead such efforts, backed up with multi-layered and automated endpoint security tools.

Councils under attack

Every employee stores, transfers and processes information. That’s not so different from a piece of software. Yet more often than not we tend to forget about taking steps to mitigate this potential security threat. A recent FoI request revealed that 86% of local authorities spent nothing on IT security training this fiscal year. And over a third (40%) have no management tools in place to protect mobile devices.

Yet the threat is very real – whether it comes from negligence and carelessness or malicious intent. A recent Ponemon Institute poll found that 36% of respondents believe malicious insiders are the greatest risk to IT security, not far behind negligent insiders (40%). More and more councils are rightly looking to tap cloud-based services and mobility in order to stretch austerity-hit resources. But the unfortunate by-product of this digitisation is extra information security risk. The data local authorities store and process is increasingly coveted by cybercriminals as its value rises on the cybercrime underground. And hackers are also aiming ransomware at local councils more frequently, as they’re seen to be more willing to pay up – nearly a third fell victim last year as a result.

Each and every employee is effectively an entry point into your network that can introduce risk. It could be as simple as clicking on a malicious link or opening an attachment in a spam email; downloading an unapproved app; losing a device; or even walking out of the door deliberately with sensitive information.

Leading from the front

The impact of a data breach incident or successful ransomware attack can be devastating. Fines from the ICO, capped at £500,000, are soon to be superseded by potentially astronomical financial penalties from Europe, with the forthcoming General Data Protection Regulation. A ransomware attack, meanwhile, could lead to prolonged service outage and significant costs related to clean-up and remediation, not to mention the initial ransom demand. Lincolnshire CC was effectively taken offline for a week after just such an infection.

So what’s the answer?

User training and education should always be the first port of call. But it will only get you so far. You need the right processes and technology to back this up. Visibility is essential to improve your security posture against the insider threat, and no function is better placed to offer this than the service desk. It can spot and piece together the tell-tale signs of a potential breach or infection – perhaps a slow-running app or frequently crashing PCs – and then escalate to IT security teams.

The service desk is also in a great position at the coal face to report on compliance efforts. By keeping track of users, it can flag risky behaviour and even suggest when individuals need extra training. Cultural change of this sort can be slow, but armed with the right set of technologies the service desk can be a driving force for improvement across the organisation.

Those tools should include automated patch and configuration management to introduce stability and remove the chance of any known vulnerabilities being exploited on endpoints – a common method for attackers to get a foothold in networks. Application whitelisting can then be layered on top to mitigate the risk of zero-day threats, while encryption will protect data wherever it travels – keeping it safe and the organisation compliant. Also consider automated tools to push and enforce policies governing removable media and mobile devices – two other prime vectors for data loss and malware infection.

With the right set of tools and the service desk leading the way – in close concert with IT security, HR and other teams – local authorities can finally begin to mitigate the insider threat. But they must remember to seek feedback from staff when drawing up policies, or the spectre of shadow IT could disrupt these best-laid plans.

Richard Giblin is Director, Public Sector, HEAT Software

www.heatsoftware.com
