CIOs from organisations across the public sector have revealed that the growing security threat was one of their top challenges as they try to find ways to balance security with access to information.
This was one key themes from a recent survey conducted by Objective, which involved in-depth interviews with CIOs to uncover the key challenges their organisations face when it comes to managing information, and how they plan to address these over the coming months and years.
Access versus security
Balancing the conflicting priorities of information access and security is a significant challenge for CIOs in 2022. On the one hand, CIOs in the public sector are acutely aware of their responsibility to protect highly sensitive customer and stakeholder information. On the other hand, there’s a push from the public for digital delivery of services and greater access to their information.
CIOs are also faced with the ever-growing and constantly changing nature of cyber attacks. According to Accenture’s State of Cyber Security Resilience report, 32 per cent of organisations have seen an increase in the number of successful cyber attacks since 2020, and 81 per cent are struggling to stay ahead of changing threats to security. Newly adopted remote and hybrid working practices have reinforced the need for greater security measures, adding a further layer of complexity for organisations.
In light of this, it’s little wonder that Gartner reports that 70 per cent of governments will increase their spending on cyber security in 2022.
Beyond technology
Moving to the cloud, with capabilities to be more secure than on-prem, is a practical first step to improving your security efforts. And it’s a measure that 95 per cent of CIOs we spoke to were either planning or had already taken.
However, the CIOs we spoke to acknowledged that cyber security is not about technology alone.
It was commonly accepted by the CIOs surveyed that “good security is a culture”, and that building staff awareness and attitudes are critical.
The way you manage and store your information can also have a significant impact on your security efforts. It’s impossible to put appropriate security measures in place if you aren’t managing and classifying your information correctly.
For example, when information is not appropriately classified, it’s unclear how long it needs to be stored, when it needs to be reviewed, and when it can be disposed of. This means information is often stored for longer than it needs to be. And if you are the victim of a security breach, you potentially have a larger volume of information that could be exposed.
A holistic approach
When considering information security, it’s important to take a holistic approach – focusing on both the security of the systems that store your information, as well as appropriate security protocols on the information itself.
Securing the systems where we create and store information is essential in our fight to maintain control over cyber threats. Most high-quality cloud-based platforms offer inbuilt security features that help protect from a range of known and anticipated threats.
Within those systems, appropriate security protocols also need to be put in place for each piece of information. Classification and permissions need to be applied to information shared inside the organisation as well as externally. Complete audit capabilities are needed to maintain security and to provide evidential proof of compliance with industry standards and regulations.
To learn more about the challenges facing CIOs in the public sector and regulated industries, download Ojective’s insight paper: How CIOs are Taming the Information Sprawl.
Leave a Reply