Cyber security for the public sector
At a time when the impact of the Covid-19 pandemic is still being felt, resources are being stretched thin. Unfortunately, cybercriminals continue to target the public sector, which is often perceived as having out-of-date security software and a workforce that is too busy to prioritise cybersecurity training. Healthcare providers in particular are susceptible to cyberattacks.
Current advice is clear: public sector organisations must mitigate cyber security threats by investing in regular penetration testing to highlight any weaknesses. At Trustmarque, we know that this ensures the ongoing confidentiality, integrity, and availability of the vital business systems that underpin resourcing, digital records, and end-user support. Evidently, this rich store of data makes them highly prized targets for rogue, malicious external threats, as recent NCSC guidance shows.
Case Study
The Challenge
Responsible for maintaining the availability of healthcare and the privacy of sensitive clinical, medical and personal data, health and social care providers across the UK have an enormous burden to carry. With that in mind, as part of their ongoing cyber security programme, this particular customer recently commissioned Trustmarque to perform an independent security assessment of their internet-facing systems.
“We’ve always invested heavily in maintaining our cyber security measures; we owe it to our patients and staff to keep their personal records safe. Penetration testing allowed us to pinpoint exactly where we may be vulnerable, and how we can continue to protect the public interest.”
Head of IT, Scottish NHS Organisation
The Solution
Trustmarque presented the customer with a security testing service to test their public-facing internet systems with an external penetration test. Delivered from a ‘black box’ perspective to replicate a rogue, malicious external threat, the assessment launched a non-destructive mock attack with no pre-existing knowledge of the systems except a list of IP addresses.
Following the assessment, Trustmarque provided a detailed report of the potential security flaws and previously unknown issues ranked according to their severity. With these findings, Trustmarque were able to guide the team by showing where to invest resources in the assurance of their digital estate.
“Not only did Trustmarque’s penetration testing services give us a swift diagnostic report, we were also handed a list of tangible recommendations. This invaluable exercise has given us a clear path to achieving our cyber security objectives, and Trustmarque supported us along the way.”
Head of IT, Scottish NHS Organisation
We worked closely with this organisation to ensure they received the most appropriate assessment for their situation. Penetration testing is a core and routine activity performed by Trustmarque’s in-house Security Testing Practice. Our penetration testing team is certified under both the NCSC CHECK scheme and CREST, the Council of Registered Ethical Security Testers. In addition, we hold ISO 27001, ISO 9001, and Cyber Essentials.
“This significant assessment was performed in line with Trustmarque’s established security testing methodologies which have been developed over many years. The aim of the assessment was to identify any weaknesses or security vulnerabilities which could lead to a network compromise, advising and consulting with the key technical team throughout the process.”
Phil Addison, Penetration Testing at Trustmarque
Speak to us about cybersecurity for the Public Sector
Whether you’re looking for a new cybersecurity partner or need some guidance on where and when to begin, we can help. You can explore our services in greater depth with one of our experts who will recommend which ones would be suitable for your organisation’s circumstances, business objectives and obligations.