Cyberattacks are a growing threat for organisations. Cisco estimates that distributed denial-of-service (DDoS) attacks – where victims’ servers are flooded with disruptive traffic – will grow to 15.4 million by 2023 globally, while ransomware attacks more than doubled between 2020 and 2021 to 623 million. The UK government’s Cyber Security Breaches Survey 2022 also found that nearly two-fifths of UK businesses had identified a cyberattack in the year up to July 2022.
Public sector organisations, especially those that manage critical national infrastructure, are particularly susceptible. Healthcare continues to be a major target: 20 per cent of the 777 cyber-incidents that the UK’s National Cyber Security Centre (NCSC) dealt with in the year to September 2021 were linked to the health sector and vaccines. The non-profit Jisc, which provides IT support to the education sector, also found that 57 per cent of UK higher education institutions surveyed had reported a cybersecurity incident in the past 12 months.
A big challenge for the public sector is the sheer scale and complexity of the cybersecurity threat and the sophistication of cybercriminals, which can include entire nation states (such as Russia) alongside individuals or criminal groups. As a result, public and private sector organisations need help identifying the most serious threats and acting on them quickly.
To achieve this, they need to put data at the centre of their organisations. Cybersecurity is fundamentally a data and search problem. According to Elastic Security Lab’s Global Threat Report for 2022, cyberattacks are becoming more diverse, enabling hackers to bypass an organisation’s security defences and stay undetected for longer. Organisations need to be able to search through huge tracts of data to find vulnerabilities and mitigate them quickly. The other crucial element is creating a holistic, cohesive environment where everyone in the organisation is engaged in the process.
The task of improving business operations and keeping IT networks secure starts with the data organisations collect. The same data and systems used to improve user experience can also keep an organisation safe from cyberattacks and ransomware. However, if organisations cannot quickly surface key insights, they will be at a disadvantage.
At Elastic, our search solutions are designed around a single data analytics platform that enables organisations to search, observe and protect their business. To stay ahead of cyber-threats, Elastic’s threat team continuously research security topics to improve our products, then share their learnings with the wider security community, helping to increase collaboration and foster workplace environments that are better at mitigating attacks.
As the company’s vice-president for public sector across the UK and Ireland (UK&I), I lead a team who work with government departments and other agencies and public bodies, and empower them to make better use of their data, both to improve their own security and to benefit the country.
We help organisations unify their data on one centralised platform. This enables separate teams or departments to significantly reduce technical debt – when speed of software development is prioritised over well-designed code – by eliminating the need for multiple tools across the organisation. This allows organisations to address multiple challenges at once, break down silos separating teams, reduce duplication of effort, and ultimately improve efficiency and save money. By working through one system, organisations can harness and pool the skill sets of different individuals, helping them to develop a cohesive, collaborative approach to cybersecurity.
A great example of how we help organisations take a data-centric approach is our work with the NCSC, the government’s cybersecurity arm. Using Elastic’s search platform, the NCSC built a free, open-source tool called Logging Made Easy (LME), which is available on its website for any organisation to download and use. This software is a simple solution to help organisations get started with logging: recording all events in an organisation’s IT network, from emails to logins to firewall updates – a crucial first step in strengthening cybersecurity. While not a full solution to an organisation’s needs, LME gives the organisation a starting point from which it can build with more sophisticated software in future.
Alongside focusing on centralising their data, organisations also need a platform that enables them to search through their data easily and at speed. We’ve helped organisations adopt a platform-based approach that means they can sift through huge amounts of data very quickly. For example, global technology company Cisco’s cybersecurity team monitors billions of emails daily, of which a significant proportion are spam. Using Elastic’s unified data analytics platform, Cisco can successfully search these emails and find crucial information relating to cyberattacks at pace.
But strengthening an organisation’s security posture is more effective when you can also observe its IT infrastructure thoroughly. As an enterprise conducts business, its infrastructure systems, application logs and customer interactions generate information. Searching through this operational data and finding valuable insights will make organisations more self-aware and proactive.
Observability solutions allow teams to identify issues at their source and quickly improve the performance of their systems. HMRC’s multi-channel digital tax platform (MDTP) is a digital platform that brings together hundreds of public services in one place, including tax services and Covid-19 schemes, such as the Coronavirus Job Retention Scheme and the “Eat Out to Help Out” scheme. Many people use the MDTP for different services at any given time, so HMRC must be confident that the platform can stay up and running for all those users. Using Elastic’s observability solution, the department can ensure that it can search this complex landscape at speed to find critical information, preventing the site from going down.
Ultimately, improving an organisation’s security posture comes down to successful data handling and collaboration – by investing in tools that can aggregate, centralise and make better sense of data, organisations can empower all employees to work together to tackle cybersecurity threats. Reducing silos is key to establishing good cybersecurity practice at any organisation, and we are keen to play our part in this. Elastic holds regular meetings with public sector organisations where we discuss how to tackle the evolving threat landscape. Get in touch to find out more by emailing ukgov@elastic.co.
This advertorial was first published on 18 November 2022 in our print Spotlight report on cybersecurity.