Digital security

5 cyber security trends that will dominate the public sector in 2016

By: Stuart Reed, Senior Director at NTT Com Security
Published: Tuesday, January 5, 2016 - 11:00 GMT Jump to Comments

Another year almost over, another year of high profile breaches. No industry is immune from a cyber attack, and this is includes the public sector. Given that public sector organisations collect, store and use large quantities of valuable and sensitive data, it is no surprise the industry is now the number one target for malware attacks in the UK.

In fact, our 2015 Global Threat Intelligence Report (GTIR) shows that 40% of malware attacks in the UK were against public sector organisations – three times more than the insurance sector (13%) and fives times that of the media and finance sectors (9%).

Cyber security is now at the forefront of our minds, but there is still more to be done. Firstly, public sector bodies need to accept that they have information that would be of interest to cyber criminals looking to take advantage of any weaknesses in their defences.

They also need to take data security more seriously, recognising it as both good practice and a business enabler. Here are five cyber security trends the public sector should watch in 2016:

Not enough action and too much reaction

This year’s high profile breaches underline the need to take action ahead of a breach, putting in place best practice which in turn underpins a coherent plan for incident response. With executives increasingly coming into the spotlight when things go wrong, including CIOS and CEOs, taking action over reaction must go to the top of every 'to do' list for the boardroom agenda.

Back to basics

A fully effective incident response relies on robust preparation and good practice. Processes, procedures and awareness are essential ingredients for risk mitigation, along with the right technologies to help protect from and detect any malicious activity.

The 2015 GTIR highlighted the need for organisations to concentrate on getting the basics right. It showed that a staggering 76% of the vulnerabilities identified had been known for two or more years. Nearly 10% were over 10 years old. Getting the fundamentals right that put risk in context for organisations is the foundation of a coherent and thorough response plan.

Intelligence-led approach

There will be a much greater emphasis on intelligence-led security, as traditional technologies fail to deliver tracking of security incidents and behaviours and are simply unable to analyse the huge amounts of data from across an organisation’s network. We will see more widespread adoption of real time monitoring and advanced analytics with businesses responding quickly to incidents based on clear actionable intelligence.

The resurgence of phishing

Vigilance around phishing emails, particularly spear phishing (targeted attacks), will be important in 2016. Phishing is not new, although cyber criminals continue to capitalise on opportunities in the market.

For example, with recent high-profile breaches of customer data, those affected may legitimately expect an email from the organisation concerned on what action they should take (e.g. changing password credentials).

In these instances, phishing is likely to be rife and it is easy to take these emails on face value. All relevant (and legitimate) information should be on the organisation’s own website.

The ‘Visibility of Things’

The Internet of Things is most often linked to consumer goods, but it is becoming a more common idea within the public sector. From a security perspective, these new connected devices must be managed in line with an organisation’s overall security strategy.

This will lead to the ‘visibility of things’, the need for organisations to monitor devices and the way they are being used. Again, the 2015 GTIR noted that the security perimeter is shifting, with seven of the top 10 vulnerabilities identified at the end-user level. While the Internet of Things can offer business value, the risks must be balanced against the benefits.

The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of The Information Daily, its parent company or any associated businesses.



Outdated infrastructure and an increasingly fragmented market threaten the future of technology-enabled integrated care.

County Durham voters back devolution in the North-East, Sir Digby Jones considers run for West Midlands mayor…

The recent launch of The Mayoral Tech Manifesto 2016 on London’s digital future, sets out a clear agenda…

The manufacturing industry is currently facing scrutiny from parties concerned for its survival. Far from facing…

Almost a year ago, I made some predictions for what would take place in government and public sector customer…

Sheffield, Warrington and Doncaster announce cuts, Lincolnshire is held to data ransom, fight begins for West…

Working for an education charity delivering numeracy and literacy programmes in primary schools, I’m only…

Northamptonshire County Council recently received the maximum four star rating from Better connected after putting…

Historically, the entrance of new generations into the workplace has caused varying levels of disruption. The…

Following another commendation for digital services, Surrey County Council's Web and Digital Services Manager,…

We cannot carry on spinning the roulette wheel that is cyber security, knowing that the “castle and moat”…

This week David Cameron wades into row over £69m of cuts planned by Oxfordshire CC; Stoke on Trent plans…