Councils are Failing on Cyber Security

In the past five years, more than twenty-five percent of British local authorities have suffered a security breach, due to most of them failing to provide mandatory cybersecurity awareness training. This is according to the latest report from Big Brother Watch, Cyber-attacks in Local Authorities, produced after receiving Freedom of Information responses from three hundred and ninety-five authorities. The report revealed that councils fell victim to a shocking ninety-eight million attacks between 2013 and 2017, averaging thirty-seven breaches per minute. Twenty-nine percent of councils' systems were breached by hackers, and six percent experienced a data breach as a result. Fifty-six percent of councils that were subject to a breach or data loss left it unreported. This sort of behaviour would result in GDPR regulators imposing a fine on these councils after 25th May. The report indicated that mandatory cybersecurity awareness training was not provided by seventy-five percent of councils, while sixteen percent provide no training whatsoever.

A Word of Warning

Big Brother Watch strongly suggested to local authorities that they should focus more on ensuring citizens' data is secure than on intrusive surveillance technologies. According to the report, “Our research suggests that local authorities are not taking cybersecurity and data protection seriously enough. While some councils have developed a good understanding of the danger cyber-attacks pose, good practice needs to be seen across the board. It is unacceptable that living in the jurisdiction of a council with lax policies and insufficiently trained staff exposes those citizens’ personal data to greater risk.”

According to Andy Norton, director of threat intelligence at Lastline, “The onset of GDPR in May could very well be a breaking point for Local Government. According to a survey done by the society for internet practitioners in the Public Sector in 2017, 2.4 percent of authorities' revenues get spent on IT. It is already an austere situation for local authorities and the risk exposure to GDPR fines is largely unmanaged with the current level of protection being far from state of the art.”

Alternative Thoughts

Anthony Chadd, senior director EMEA at Neustar, takes a different view, pointing out that the need to deliver against a backdrop of spending cuts and growing cyber-risk is putting local governments under increasing pressure. “As the guardians of millions of citizens’ personal information, and with less than 100 days until the GDPR comes into force, ensuring robust data security has never been more critical,” says Chadd. “From protecting against DDoS attacks to encrypting mission-critical data and IP, local governments across the country must ensure cybersecurity is at the heart of their digital transformation strategies.

“In order to successfully guard against the work of intelligent cyber-criminals, as well as effectively combat the chance of human error along the way, councils can look to the NHS for lessons in best practice. By deploying new operational centres to protect patient data from the threat of hackers, and hiring white hat hackers as part of a £20 million investment, the NHS has recognised the appalling consequences of data breaches, and is dedicating resources to fix vulnerabilities across its IT systems.”