Finding the Right Cyber Partner is Priceless

Today, it is vital that public sector leaders continuously develop their knowledge and options when it comes to effective cyber security solutions. Criminals are constantly improving their armoury of tools and tactics to extract money, data, or both.

Now, throw in the vision of improving services to the public with catalogues of new digital products that fill the cloud(s) with data, and you’ve got the perfect storm. Like a true warrior, you can now pull that double-edged shiny sword from your baldric, and march into the battlefield observing the ‘improved services to the public’ skirmish with the ‘increased security risks to people and data’.

Setting up the game to win

Like anything else, there are strategies you can adopt to achieve your objectives, and one of these is finding the right people. There are specialist cyber security consultancies that span multiple industry sectors and provide complex solutions for a diverse range of problems. Many of their business opportunities fall at the first hurdle because of cost or budget limitations; however, the decision to contract such teams can often be assessed in the wrong way too. It is very typical for the negotiation discussion or proposal to omit invaluable key points. Think about the cyber security skills shortage, or maybe the fact that the team have worked in seventeen different industry sectors, all with different problems to solve. Or how that team have built up collaboration skills over ten years supporting their clients and would now be considered expert facilitators, but who really talks about that? Those are all real problems that you need to fit into a cyber security sandwich, typically in between the slices of threat, vulnerability and risk.

So, just a flavour of current issues…

It is quite typical for public sector organisations to have complex infrastructure that supports different teams and assists with access and collaboration. To engineer and maintain such spaces can often require multiple vendors, applications, and software.

The use of ransomware is a significant threat to the public sector due to the extent of old technologies that have been patched together over a number of years, and this stretches over Government, local authorities, health providers and the education sectors too.

The volume of attacks remains significantly elevated. A Hiscox Cyber Readiness report (2021) found that the proportion of businesses targeted by cyber criminals increased from 38% to 43% in just twelve months across both public and private sectors. The well-established insurer produced the findings from a study of 6,042 organisations spanning eight nations. The findings also show a response to this, highlighting that mean spending on cyber security per organisation has doubled in the last two years.

Some public sector professionals have been working remotely for some time now, and this invites a range of associated risks. In many cases, staff are not fully aware of the security threats, resulting in individual, team and organisational vulnerabilities.

Yes, it is quite a busy game at the minute, and it would be fair to say, in many cases, assistance is most probably required. If you get this one wrong, there is every chance it will cost you.

So, what do you look for when partnering with a cyber security provider?

A first point of assessment might be to see what company accreditations are present. There are numerous quality kitemarks and accreditations which have strict assessments in place. This takes out some of the due diligence work for you. As a good starting point, CREST accredited companies have to be assessed for particular skills they can provide; however, there are other accrediting bodies too.

Check providers to see what services they offer. But why? There are countless penetration testing companies in the UK that simply offer penetration testing, which is fine if you just need a penetration test. What do you do if your job is to improve cyber security across your organisation? You need a team that can implement testing into a complementary improvement process that holistically looks at cyber security for your whole organisation.

You will probably need an experienced support team that is used to new problems and innovative in its solution design; that might mean just a little bit more than penetration testing.

Honesty, integrity, and loyalty should all be non-negotiables when it comes to any kind of partnership. Be sure you can assess the potential partner on these aspects. A good method here is to look at their current client portfolio, pick a similar type of organisation to you and look to gain a recommendation or reference.

Finally, ask the partner what research and development projects they are involved in. Ask them how they develop their staff. If there is one sector that has no option but to continuously learn, it is cyber security. If you find you can’t assess any recent research and development activity, or that it is not obvious they develop their staff, it might not be the partner for you.

Finding the right cyber security partner is priceless.