Technology Record - Issue 31: Winter 2023

take swift action whenever a breach occurs. They must be fully transparent about the affect and what was exploited – to the extent they can share without compromising the ensuing investigation – and how this could impact individual citizens. To regain public trust, they should also outline all the steps they have taken to remedy the situation and how they will work to prevent a similar attack occurring in future.” Back to basics Data from various sources suggests cybercrime will continue to skyrocket. Microsoft research shows cybercriminals are launching around 4,000 password attacks every second and that ransomware attempts have increased by more than 200 per cent since September 2022. Meanwhile, Gartner predicts 30 per cent of critical infrastructure organisations will be breached by 2025. In tandem with this, government agencies are increasingly investing in technologies such as the cloud, generative AI, machine learning and digital twins to optimise their operations and improve the way they deliver services to citizens, which is increasing the attack surface. The Microsoft Digital Defense Report 2023 indicates that implementing simple security solutions and well-developed cyber hygiene practices empowers organisations to prevent 99 per cent of attacks. For example, they can deploy multifactor authentication to stop user passwords being compromised, apply zerotrust principles to strictly manage access to their digital estate and continuously monitor their IT environment, and use anti-malware and extended detection and response solutions to rapidly detect and respond to threats. “Hackers will exploit any vulnerability, so it’s essential for organisations to keep all systems up to date and invest in all the basic tools to minimise the attack surface,” says Arthur. “Zero trust is particularly important and should be core to any cybersecurity strategy. Not only does it enable organisations to prevent external attacks impacting their digital estate, but it also ensures employees can’t accidentally – or intentionally – introduce new threats internally. Plus, zero-trust frameworks allow organisations to automate routine security tasks, freeing up their people to focus on managing critical threats.” Now that attacks are becoming more frequent, complex and sophisticated, however, governments must invest in more advanced cyber defence solutions. “Governments are collecting more data than ever before and they’re battling against an increasing number of cyberthreats, so it is now impossible for their staff to analyse all of this information quickly enough to successfully block every attack,” says Arthur. “Instead, they need hyperscale cloud, digital technologies and FEATURE 134 Photo: Wikimedia/FritzDaCat Around 1,600 employees and 16,000 citizens were unable to access key services when the IT system of Sweden's Kalix municipality was compromised by a large-scale ransomware attack