Despite global IT security spending peaking in 2016 at $81billion which represents a 7.9 percent increase on 2015, local government organisations in the UK have seen a 14 percent increase in the number of reported data breaches. Local government was second only to the UK health sector when measured by the total number of reported data breaches.
2,048 reported breaches...
According to a freedom of information request by Huntsman Security, approximately 70 percent of breaches reported by local government were due to the disclosure of privileged client data in error. Overall data breaches across all sectors rose by 88 per cent between April 2014-15 and March 2015-16, with 2,048 incidents reported to the Information Commissioners Office (ICO).
UK data breach landscape...
After local government and health, the sectors reporting the highest number of breaches were education, general business, charities and legal practises. The finance sector accounted for just six per cent of all reported breaches attracting 33 per cent of the financial penalties issued by the Information Commissioners Office. Utilities companies reported just two security breaches to the ICO during the period.
The impact of GDPR on public bodies...
With the General Data Protection Regulation (GDPR) on everyone’s horizon, how will public sector bodies engineer themselves to mitigate the threat of breaches. With fines increasing from the statutory maximum that can be applied locally by the ICO of £500,000, under the new GDPR regime fines are calculated based on an organisation’s annual revenue. How will this apply to a public body which does not have a revenue number. On questioning the ICO last week, a policy is yet to be created and agreed with the EU that can issue fines of up to four percent of global revenue.
During Q1 2016/17 (April to June 2016) the ICO issued four major monetary penalties including:
- Chief Constable of Kent Police for £80,000
- Blackpool Teaching Hospitals NHS Foundation Trust for £185,000
- Chelsea and Westminster Hospital NHS Foundation Trust for £180,000
- Chief Constable of Dyfed Powys Police for £150,000.
During the same timeframe the ICO received 545 new cases, an approximate 22% increase on the number of cases received in the previous quarter, 448. The ICO commit to continually working to analyse the reasons behind any fluctuations they observe.
The ICO doesn’t just investigate breaches and apply fines, they also offer advice to organisations to remediate the possibility of further breaches offering the following advice:
- design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach
- be clear about who in your organisation is responsible for ensuring information security
- make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff
- be ready to respond to any breach of security swiftly and effectively.
Implementing technologies that reduce an organisation's attack surface and helps reinforce security strategy is essential. But technology alone cannot prevent every threat, it is always worthwhile investing not just in the technology itself, but ensuring that it is correctly implemented.
WALLIX creates solutions that manage privileged users in an organisation, securing access to information systems and devices, plus delivers complete visibility and auditing of their actions, helping meet compliance requirements whilst keeping data secure.
For more information, visit www.wallix.com.
