The problem, he says, is that public sector institutions are just not walking-the-walk (to steal a phrase from John Wayne, Infosecurity notes) when it comes IT security
Alge adds that cybercriminals are already hacking into seemingly harmless areas of government networks. And, as a result, he claims, criminals are gaining access to entire databases.
The Barracuda Networks general manager notes that, last year saw British home secretary Theresa May describing cybercrime as a “new and growing” danger and committed £500m to tackling it.
The government’s published National Security Strategy, he says, categorised the issue as a tier one threat, placing it on the same level as international terrorism and major accidents.
Both the Stuxnet computer virus - which was created to sabotage Iran’s nuclear programme - and the more recent Duqu virus, which allows users to install programs; view, change, or delete data with full user rights, emphasised the threat to government networks from malicious attacks, he adds/
As a result, Alge argues that governments are seeking ways to protect their networks. Despite some efforts being made, he believes that not enough is actually being done.
“By acknowledging the threat posed by cybercriminals, the government is helping to raise awareness of IT security. Get Safe Online Week - which is taking place this week - is an annual event to raise awareness of internet safety issues. Despite this, the government needs to be actively practicing what it preaches and managing its own security effectively”, he said
Against this backdrop, Alge argues that the security landscape is made up of a variety of different criminals with different goals.
“Hacktivists are anonymous groups who are intent on making a statement. Cyber-terrorists want to weaken the power of a country in any possible way, and there are those intent on stealing any information, with the sole aiming of making money”, he explained.
“Government institutions are aware of this, and are doing well to promote the threat these criminals carry, however, are they listening to their own message?”, he said.
So what is the solution?
Alge says that, like everyone else, government agencies enquire guidance when it comes to managing and protecting their network.
“Audits can identify where lapses lie and offer guidelines for continual improvement, and standardised practices can be assigned with no department left to fend for themselves. Also, a much better understanding of cyber security threats will lead to a greater allocation of budgeted funds”, he said.
“It’s not a case of being reactive and throwing money at the problem; it’s a collective understanding of what that money is used for”, he concluded.