Geoff Connell, president of the Society for IT Practitioners in the Public Sector (Socitm), told PF that the international ransomware incident, which have affected 60 NHS organisations since Friday, was a “wake-up call” to the whole public sector.
“The risk is getting higher. It’s the right time to push the agenda,” he said.
“There’s no doubt that [cyber security] is getting more and more of a challenge. The threat surface is getting larger, there are more actors and the tools they can use are getting larger and cheaper, so the reality is it’s only going to get tougher.”
While the performance of local authorities was, in general, fairly good, Connell, who is chief information officer at Norfolk County Council, said there was a major need to ensure senior management teams were aware of the risks. “It’s a top four national risk,” he said.
“It’s about learning. For some authorities, this will have been a near miss. It’s the ideal time to take stock and say: OK, we weren’t impacted this time, how do we ensure this continues to be the case in the future?”
Collaboration between authorities was essential. “If you’re a small district authority with 6-12 staff and you can’t afford a cyber security professional of your own, it’s absolutely critical to work in partnership with neighbouring counties,” he told PF.
Connell added that, with more council services being put online and residents increasingly self-serving, any negative press around cyber security could dent public confidence.
He added that Whitehall understood the seriousness of the threat, which had been demonstrated by the establishment of the National Cyber Security Centre and drawing up the new cyber security strategy.
Central government activity in this area was “very positive”.
