Public Sector

Security challenges facing the public sector

  • The threat of cyber-crime is very high

  • Stakes are high

  • A very digitized Denmark

  • The mismatch between the private and public sector

  • GDPR

  • Legacy security mindset is deep-rooted within the culture

 

The threat of cyber-crime is very high

According to Forsvarets Efterretningstjeneste, the threat from cyber-crime is very high. Cybercrime is a global phenomenon that also affects Danish authorities, companies, and citizens. There is a particular threat from cybercrime aimed at blackmailing money from authorities, businesses, and citizens. There are cyber-criminal networks that work organized and long-term, and state-supported hackers are sometimes also behind cyber-crime.

 

Stakes are high

For the public sector, the stakes are high. The proliferation of hackers, inevitable human errors, bring-your-own-device (BYOD) initiatives, and the ever-broadening need to share information weigh heavily on government and education organizations, and consume substantial resources. The Pentagon, for example, has proposed to spend $23 billion on network security initiatives through 2018. This sounds like a large sum until you consider the scope and importance of the U.S. government information resources this investment must protect.

 

A very digitized Denmark

Denmark is one of the most digitized countries in the world, and digitization is a crucial means in the development of the public sector. This makes us particularly vulnerable to cyber threats, and there is, therefore, a great focus on raising cyber and information security across the sector, including through the development of the national strategy for cyber and information security.

 

The mismatch between the private and public sector

Threats to our cyber-security are treated and perceived differently by public and private actors. Thus, important knowledge is lost. The private sector has increasingly become an important partner in addressing the security challenges of everything from terrorism to climate change. The importance of the companies as co-responsible partners is particularly evident in relation to the cyber threat. However, a new council will strengthen public-private collaboration on cyber-security. As part of the recently concluded agreement on a bill on the Center for Cyber Security, it has been decided to establish a Cyber Security Council.

 

GDPR

In recognition of the threat of cyber-attacks to businesses and public services, the EU has established The Network and Information Systems (NIS) directive in 2018.

Much of the NIS is aimed at helping organizations establish best practice for data security. However, in line with the serious consequences of data security breaches, from economic and social damage right up to and including loss of life, it also out penalties for data security infringements on a par with, if not stricter than, the new General Data Protection Regulations (GDPR): up to €20m or 4% of turnover for private sector businesses.

 

Legacy security mindset is deep-rooted within the culture

Security functions with an old school approach to working are still the norm and digital departments can find it difficult to collaborate. For example, the security function mandates heavy documentation and vetting processes which often fly in the face of the agile principle of working software over comprehensive documentation.

Another challenge is that some security managers are not familiar with the latest technology and methodologies, which makes it difficult for them to assess risks and make recommendations.

Sources:

Centre for Cyber Security (Forsvarets Efterretningstjeneste)  I  Cisco  I  PWC  I  Finansministeriet  I  BSI Group  I  Capgemini