Bridgeworks CEO and CTO speaks to GPSJ (Government Public Sector Journal) about solutions to protect and defend significant amounts of public sector data. Page 44.
Spring 2024
The number of data breaches so far in 2024 is staggering. Neil Ford, writing for IT Governance Blog, reports that there have been “35,900,145,035 known records breached so far in 9,478 publicly disclosed incidents.” The most breached sectors include IT services and software (at least 5.4 billion breaches), with 2.13 billion of them being denoted as ‘public’ by known records breached.
Furthermore, the public healthcare sector disclosed 435 incidents (17% of all breaches). There were a further 419 ‘public’ cases, representing another 17% of publicly disclosed breaches. One of the public sector breaches mentioned occurred at the Far Eastern Centre for Space Hydrometeorology (Planeta) in January 2024. This involved up to 2 petabytes of data being breached. The worst month for breaches was at the start of the year, with over 29.5 billion records being breached during January 2024, followed by April.
Detrimental impact
Data breaches have commercial, personal and financial consequences. For example, the UK’s Information Commissioner, John Edwards, “has condemned data protection standards at health services for people living with HIV and has called for urgent improvements.” This announcement was released at the end of April 2024 and follows several data breaches. Organisations working with people living with HIV had also raised concerns.
In his statement, he says: “The ICO takes each one of these data breaches very seriously and recognises the detrimental impact they can have on the lives of those affected. We are making sure that the improvements we all want to see, such as better training, prompt reporting of personal information breaches and ending the use of BCC for sensitive communications, are being implemented as swiftly as possible.”
The BBC also reports that children’s mental health records were published following a cyber-attack. It reports on 7th May 2024: “A ransomware group targeted the health board earlier this year and has now published a large volume of patient data on an area of the internet called the dark web.” The most crucial concern of all is the possible threat to the children’s security. However – and thankfully – it’s likely that the hackers weren’t able to access entire medical records. Nevertheless, it has led to a call for more transparency and honesty within the NHS in Scotland about such incidents as this.
Endangering lives
Other data breaches this year include the hacking of “thousands of past and present members of the armed forces,” says Civil Service World. This occurred when the Ministry of Defence’s payroll system was hacked. UK deputy prime minister, Oliver Dowden, pointed the finger at China as being responsible for two cyber-security attacks in March 2024 – including one against the Electoral Commission. However, CSW’s report doesn’t make it clear whether China is responsible for the attack against the MOD. Even so, such a breach could still put lives in danger.
Data breaches can attract penalties under the UK’s GDPR. The Information Commissioner’s Office (ICO) says: “For serious breaches of the data protection principles, we have the power to issue fines of up to £17.5 million or 4% of your annual worldwide turnover, whichever is higher. In line with our regulatory action policy, we take a risk-based approach to enforcement.”
Arguably, it’s therefore better to protect data than to deal with the consequences of data breaches. This should involve keeping the most sensitive data air-gapped whenever that is deemed essential. Data shouldn’t be stored in just one location, but in as many as three. Public sector organisations that have SD-WANs should also invest in a WAN Acceleration overlay. It will not only mitigate the effects of latency and packet loss, but also obfuscate cyber-criminals wanting to divert and steal data. After all, the public sector clearly needs a better solution than it has to protect itself against data breaches.