Connect with us

Hi, what are you looking for?


Incident Response

Public and Private Sector Security: Better Protection by Collaboration

Bringing the resources of government and the private sector together to share knowledge creates a high-definition picture of cyber threats

Bringing the resources of government and the private sector together to share knowledge creates a high-definition picture of cyber threats

Over the last three years, we’ve all grown to rely on critical infrastructure for basics such as power, water and connectivity that allow us to work remotely or logistics networks that keep shelves full and economies on track. This reliance has made infrastructure a target for cyber-attacks, and we’ve seen increased attacks on power grids and electricity providers, as well as attempts to take down banking systems.

Some attacks, such as those on the banking industry, are targeted toward the private sector, but often we also hear about breaches in the public sector and government. Both sides are investing in protecting these critical assets. Still, there are areas where governments can learn from the private sector and vice-versa, which will help both sides adapt more quickly and effectively to a continuously evolving threat environment.

Protect What Needs Protecting

The old approach to securing information was to apply a blanket protection level to everything, which is still followed by many government organizations today. The private sector has recognized that this is not practical; too much protection slows down the response to a breach. It makes it more challenging, therefore slower, to identify the incursion point.

The best way to protect information is by considering the concept of ‘key data’ only. Different types of data require different levels of protection at points in the lifecycle. This sounds complicated, but it’s not.

Consider a product launch; whilst under development, this process is secretive. Documents are highly guarded as to have them leaked into the public domain would jeopardize any competitive advantage, and the highest levels of protection are essential. Then on launch day as this information moves from secret to public, the protection can be removed as everyone now knows about the product.

Advertisement. Scroll to continue reading.

Governments could learn from the private sector levels of protection that can be adapted across the lifecycle of information, making management easier, speeding up detection and, should a breach occur, high-risk items are more identifiable to the security team.

Shared Knowledge is a Good Thing

Governments use intelligence to gain insight into threats at a national or international level. An example of this is working with agencies to maintain a broad vision of which threat actors may be planning attacks targeted at country or regional levels. The private sector leverages intelligence to spot industry or vertical level threats, watching for the latest potential DDoS, ransomware or software vulnerability that could impact business.

Bringing these resources together to share knowledge would create an almost high-definition picture of cyber threats in real-time. We have seen this happening in some countries, for example, the United Kingdom National Cyber Security CiSP, but this is only a start. More initiatives are needed worldwide to help both sides build trust and become happier to co-operate in the future. 

Security by Design is Imperative

“It started with a click” sounds like the opening of a song, but refers to how more than 90 percent of successful malware and ransomware campaigns start their attacks. We live in a world of click, like, swipe and move-on access to online information. Unfortunately, it’s all too frequent that people respond to emails, online campaigns or messages without putting online safety first.

This challenge would be impossible to eliminate, but the risks are reduced as more vendors design security into their solutions and devices. However, some vendors of cheaper products still overlook security in the excitement of getting to market early. These products are then purchased at a low cost by users who feel that voice-controlled egg-timing is an essential kitchen tool, without realizing that this device is broadcasting their Wi-Fi password to anyone who wants it!

Governments can help address this, with some U.S. legislation changes in recent years for security standards in IoT devices, and other regions adopting principles to increase public awareness of online security, including the U.K. and Australia (PDF). These are a start, but there is an opportunity for governments to enforce direction that will make security by design an imperative rather than an option.

Working Together is the Best Future

These are just a few areas in which private and public sectors working together effectively can make a difference. In most cases, the need is not for anything new – but better and more regular collaboration. Technology is crucial today to support business, personal, financial and even environmental requirements, and this is not going to change. In fact, as overall reliance on technology increases, cybersecurity will become an even more significant challenge – government and the private sector carry a shared responsibility to face the challenge and threat together.

RelatedThe Rising Importance of Research Communities for Industrial Cybersecurity

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.