An old idiom warns that when collecting eggs from your hens, don’t put all of them in one basket. With one accidental tumble, all the eggs would be gone, with no backup plan. A similar lesson can apply to data security.
Focusing on the cybersecurity system, without investing in securing the data itself, can lead to vulnerabilities. As cyber threats grow, this is the time for governments to reinspect how they are securing their most sensitive data.
Michael R. Anderson, Chief Strategist, Public Sector, Informatica, highlights two next steps for securing citizen information.
The threats to data security
Just looking at recent newspaper headlines will tell you that the cyber threats to sensitive data are “unlikely to let up anytime soon,” Anderson shares. For example, the Russia-Ukraine conflict led to new warnings over cyber threats, shared the Singapore Computer Emergency Response Team.
Even though Singapore is geographically distanced from the conflict, the nation “advised local organisations to beef up their cybersecurity posture,” said Josephine Teo, Minister for Communications and Information.
Historically, many attacks on government systems are conducted with the intent to steal sensitive data, regarding healthcare or security, Anderson highlights. When successful, these attacks result in billions of lost dollars due to fraudulent activities, identity theft, and data misuse.
There are also indirect impacts when breaches to sensitive data happen. The public loses trust in government, and the government’s influence across diplomatic, informational, military, and economic sectors is reduced.
How then can agencies ensure that their data is secure? Anderson shares two ways.
Step One: A changing focus
The first step to securing sensitive data is to give it the attention it deserves. Too many agencies tend to focus primarily on the overall cybersecurity systems that manage user access, Anderson highlights.
Information security starts with ensuring that data isn’t misused or misplaced. “Savvy agencies know it’s imperative to guard sensitive data — the crown jewels,” Anderson continues. Organisations have to continuously look out for how sensitive data is kept private, he explains.
One example of this is the Driver and Vehicle Standards Agency, a UK Government organisation that collects data on driving tests, instructors, and vehicle testing. It was struggling to comply with new regulations regarding data privacy and data protection, Informatica shared.
The organisation stored data in different locations, with no central system to manage the information. This led to inconsistent data, which made decision making and following new data protection measures more difficult.
The agency decided to shift its focus to data. It worked with Informatica to develop a centralised hub of information, which “helps us ensure that best practices are maintained across all projects when it comes to the creation, movement, storage, and use of data,” said Kris Marshall, Head of Data at the agency.
This new approach is “giving us clear accountability and enhancing our ability to help keep citizens safer,” Marshall added.
Step Two: Seeing is believing
The second step is to increase visibility over sensitive information. This means an organisation knowing exactly the data it has, who owns it, where it came from, who touched it, and who has access to it, Anderson explains.
Visibility is vital as government agencies struggle to track how users access data, and find it difficult to share timely responses when citizens request to view data. Combining these struggles with the security risks of shifting from on-premises to the cloud presents “a daunting task,” he says.
The public sector can adopt the “secret sauce” — AI and automation, to boost data visibility, Anderson says.
AI tools can detect when users are misusing data and keep track of how users are sharing data across an organisation. They can also help to highlight security vulnerabilities where inappropriate access is possible, Anderson adds.
Automated tools analyse the relationship between datasets, match related data and make sense of previously “unstructured” information, Anderson explains. The AI can highlight anomalies automatically, rather than users seeing only the information they ask for. This allows agencies to have a much greater insight into the data they have, he adds.
In a time of rising tensions and with cyber threats growing in quantity and capability, the spotlight is on sensitive data. Governments can rise to the occasion by focusing on their data strategy, which will keep sensitive information under lock and key.
Find out more about the best strategies for securing and managing sensitive data at the ‘Delivering Public Services with Trusted Data’ webinar on April 27 @ 3:00 pm – 4:00 pm SGT. Register here.