UK’s councils are severely under-prepared for cybersecurity threats, a new report by Big Brother Watch says.
Based on a freedom of information request, out of 395 local authorities, 114 have had at least one breach between 2013 and 2017. The group said it was “shocked” that staff often lacks cyber-training. At the same time the Local Government Association said councils take cyber-security “extremely seriously”.
Out of those councils that had been breached, a quarter (25 per cent) experienced a data loss or data breach as a result.
These cyberattacks usually start with a phishing email, tricking the victim into believing it is actually talking to a friendly person, a colleague or a boss. Humans seem to be the entire process’ weakest link. Big Brother Watch says the only way to improve cybersecurity is to give employees more training.
Jennifer Krueckeberg, lead researcher at Big Brother Watch, said: "One would assume that they [councils] would be doing their utmost to protect citizens' sensitive information.
"Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens," she added.
The Freedom of Information request said that there had been a total of 98 million attacks on local authorities between 2013 and 2017, amounting to 37 attacks a minute.
A Local Government Association spokesman said: "Very few of these attacks actually manage to breach the firewalls or scanning systems in place."
He added that councils were working with the National Cyber Security Centre to ensure their systems "are as robust and resilient as possible".
Commenting on the news, Anthony Chadd, senior director, EMEA, Neustar, said, “In today’s political and economic climate, local governments are under increasing pressure to deliver first-class services against the backdrop of reduced funding, increasing demands and – now – the growing threat of a crippling cyber-attack."
“As the guardians of millions of citizens’ personal information – and with less than 100 days until the GDPR comes into force – ensuring robust data security has never been more critical. From protecting against DDoS attacks to encrypting mission-critical data and IP, local governments across the country must ensure cyber-security is at the heart of their digital transformation strategies.”
Image source: Shutterstock/alexskopje