The scale and severity of cyber security threats continues to rise, with the NCSC (National Cyber Security Centre) reflecting on the use of Artificial Intelligence (AI) to increase the volume of and impact of these attacks. Recent news has shown the significant effects that can arise in supply chains for outsourced IT, with three Kent councils being impacted.
Key Points
- Public facing services in local government are high profile targets, with risk of significant disruption to services.
- A mature Cyber Security Management System (CSMS) aligned to good practices set out by the NCSC can be a vital tool in understanding where gaps exist.
- Annual penetration testing can be a false assurance unless it is supported with additional, frequent vulnerability scanning.
- Efficacious Incident Management which aligns with robust business continuity planning is vital to reducing the potential disruption from a cyber-attack.
- Out-sourced IT requires effective Service Level management, which should include review of resiliency and redundancy. To be effective, this should also link to accepted and agreed tolerance levels for critical IT services as defined in the service catalogue.
- Contact TIAA Digital for independent advice and guidance on pro-active measures that can be bolster cyber security.
Links
https://www.ncsc.gov.uk/news/global-ransomware-threat-expected-to-rise-with-ai
Advised Action
Executive boards and Audit committees are advised to seek assurance on the effectiveness of their organisation’s Cyber Security Management System, including incident response at IT providers. Further assurance should be sought by regular vulnerability scanning of critical IT services.
Please Contact Us for independent advice and guidance on pro-active measures that can be bolster cyber security.