Threat Hunting and Security Monitoring for Public Sector

James Ambrose, Head of Public Sector Sales, reviews the threat hunting requirement part of the recently published Government Cyber Security Strategy. He covers:

• • Challenges

• • Solution

• • Applications

• • Summary

The UK is one of the most digitally advanced countries, putting organisations and people at an increased risk of cyber crime. Additionally, the NHS, Government, Blue Light and Education are under immense strain following the pandemic, and the last thing they need is to be hit by a ransomware attack. Cyber security is continually evolving, and getting it right has never been more important for the Public Sector.

The Sophos State of Ransomware in Government 2021 report advised that 40% of central government and 34%of local government organisations were hit by ransomware in the last year. It’s a massive problem and a costly one too. It is estimated that after a ransomware attack, the average cost was £1.02 million for central government and NDPB and £1.22 million for local government organisations.

According to the 2021 Verizon Data Breach report, more than 25% of breaches took months or longer to discover. Months inside a network is enough time to impact critical services and disrupt key data.

Challenges

Skill Shortages

There is a critical gap in the skillset needed globally to deal with the increasing levels of malicious cyber activity. The shortage is increasing hiring costs. However, IT teams in the public sector are struggling to obtain the funding to attract the expertise needed to deal with the threat so they become an even bigger target of such activity. True 24/7/365 coverage is required within the Public sector with the malicious actors operating worldwide.

Financial Strain

Public Sector IT budgets were under pressure pre-pandemic. Key operational and public-facing services need more investment, so obtaining budgets to take a proactive cyber security approach has become even more challenging. Nevertheless, prevention is more cost-effective than the cure if an attack does occur.

Solution

Sophos MDR (Managed Detection and Response)

Sophos MDR provides organisations with a 24/7 team of threat hunters and response experts to

• • Proactively hunt for and validate potential threats and incidents

• • Use all available information to determine the scope and severity of threats

• • Apply the appropriate business context for valid threats

• • Initiate actions to remotely disrupt, contain, and neutralise threats

• • Provide actional advice for addressing the root cause of recurring incidents

Sophos MDR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. This fusion of Sophos’ consistently top-rated endpoint protection and intelligent EDR, with a world-class team of security experts, results in “machine-accelerated human response.”

Keeping control of IT is key to the public sector, maintaining control and delivering 24/7/365 threat hunting is key. Sophos MDR comes with 3 options at deployment, ensuring full control remains with the customer:

Notify: Sophos notify you about the detection and provide detail to help you in prioritisation and response.

Collaborate: Sophos work with your internal team or external point(s) of contact to respond to the detection.

Authorise: Sophos handle containment and neutralisation actions and will inform you of the action(s) taken.

Applications

Healthcare

Patient safety and welfare is a key factor within Healthcare. It is vital that patients have access to medical facilities and that the NHS staff have full access to patient data to deliver treatment. During conversations with one of the Ambulance trusts, it became clear that they felt they needed to support their IT department with 24/7/365 human-led threat hunting. This would not have been possible for them if they had to build their own service from scratch due to costs, so they chose Sophos MTR (Managed Threat Response) after a lengthy review process.

Education

The pandemic changed the way children learn and teachers deliver. Technology is now a key factor in our Education system. Therefore, keeping student data safe while maintaining education is critical. We recently helped deliver Sophos MTR (Managed Threat Response) into one of the countries leading independent schools. They were not willing to risk downtime due to ransomware attacks, so they decided to be proactive rather than remediate any severe impact on teaching.

Housing Associations

Social housing is and will always be an essential service within the UK. Helping people who need assistance and supporting the vulnerable, makes resident data and its security key. At CyberLab, we have helped some of our Housing customers cover the skills and resource gap within the IT space. Working closely with our key partner Sophos, MTR (Managed Threat Response) has been implemented, giving them the peace of mind their systems are being tracked and monitored for the latest threats and malicious activity 24/7/365, keeping residents safe.

Summary

The Government Cyber Security Strategy highlights the need for the public sector to go beyond the traditional security approach. As the Public Sector integrates further and takes advantage of digital transformation, 24/7/365 coverage becomes necessary. Sophos MDR allows customers to maintain control whilst covering the skills gap and maintaining security, protecting vital services and data.

We are proud to serve the Public Sector customer base with customers in NHS, Government, Blue Light, Housing and Education. As the Sophos Public Sector Partner of the Year 10 years in a row, one of the most accredited Microsoft partners in the UK and a team of more than ten CREST and CHECK certified penetration testers, our security team will continue to support you on your cyber journey. So please reach out for a conversation about how we can help you protect your data.