IT Essentials: Library learning and silo stomping
Swallow your pride and speak up
It's time to pull our collective socks up and talk to peers when breached.
Britain's public sector is creaking at the seams. It's over-worked and dramatically under-resourced, not helped by repeated and dramatic misunderstandings of modern IT.
Nevertheless, it still limps along doing its best - the plucky little service that could.
Okay, 'little' might be pushing it a bit for a sector employing the best part of 6 million people, but scale doesn't translate to budget. Finding a police force, local council or hospital happy with their lot is about as rare as hens' teeth.
Nevertheless, lack of funds isn't the reason the British Library warned this week that there's no money to be made in attacking the British state.
After a breach in October, the Library refused to pay - or even talk to - the attacker, in line with NCSC guidance that aims to make it pointless to threaten the UK public sector.
That wasn't the Library's only move, though. It's also opened up and been fully transparent about the attack, in the hope that its experiences can help other organisations defend themselves.
The (many, many) IT leaders we talk to here at Computing all say the same thing: companies have to share information in the wake of an attack. The attackers swap tips all the time - why don't we?
Primarily, it's down to age-old human weaknesses: pride and money. Few businesses want to draw more attention to a cyber incident than required, and risk suffering even more damage in the process.
As an example, Capita estimated the direct cost of a cyberattack last year at £20 million - but taking a fall in share price and other factors into account, it actually cost upwards of £100 million.
Despite efforts to hack-back against attackers, fighting ransomware groups has become much more difficult since Russia, where most attackers are based, cut off what minor ties it had with the international enforcement community.
In light of that, operating in silos is not a valid strategy: and in this case, your entire company is a silo. Take a lesson from the British Library and be open, honest and transparent when you suffer an attack: you never know who it might help.
Recommended reads:
If you, like every other IT leader in the world, are interested in AI, John Leonard has talked with Datastax CPO Ed Anuff about how to make AI work for your business on a technical level. Disclaimer: You will learn about chunking while reading this article.
We've talked exclusively to Richard Corbridge, CDIO at DWP, about how he's modernising Europe's largest IT estate. In a heavily risk-averse environment, where one wrong bit of code could mean people miss life-saving benefits, changes have to be made safely and carefully - but not conservatively.
We've also talked to Space Aye, the brilliantly named company putting Scottish space tech on the map; investigated the failure of the government's Help to Grow scheme; and launched nominations for the 2024 Women in Tech Excellence Awards.
Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.