
Are UK councils prioritising data collection over security?

23 Feb 2018

A scathing report from Big Brother Watch paints a bleak picture of UK councils’ approach to cybersecurity.

According to Big Brother Watch, UK local authorities have experienced in excess of 98 million cyberattacks over the last five years, which means there are at least 37 attempted breaches of UK local authorities every minute.

Furthermore, one in four councils experienced an actual security breach between 2013 and 2017.

This is especially concerning given how much data they hold. Local authorities are building ever-expanding troves of personal information about citizens and, under the banner of data-driven government, are actively seeking to gather more and more.

The statistics from Big Brother Watch give rise to the question: is cybersecurity being appropriately prioritised by local authorities, or is more data collection the main focus of their digital strategies?

Barracuda Networks senior vice president of international sales Chris Ross says they were interested to see the report from Big Brother Research.

“This mirrors the findings from our own FoI report, which we conducted last year, which found that more than a quarter (27 percent) of UK councils have fallen victim to a ransomware attack in particular,” says Ross.

“As the UK public sector continues its cost-saving push towards bringing ever more services online, an inevitable consequence is the volume of data on offer to hackers has increased.”

Big Brother uncovered a number of startling findings, including the fact that despite the constant threats and actual breaches, 75 percent of local authorities do not provide mandatory training in cybersecurity awareness for staff and 16 percent don’t provide any training at all.

And of the 114 councils that experienced a breach and failed to protect data from cybercriminals in the last five years, more than half (56 percent) did not even report the incident.

Big Brother Watch says this is simply not good enough and drastic changes need to be made.

“Councils need to play their part in the UK’s data ecosystem and do their best to prevent successful cyberattacks. With the risk only increasing over time, it is crucial that they act now before serious harm is done,” the report states.

The group quotes a policy briefing provided by the Society of Information Technology Management:

“Cyber resilience is generally seen as an ‘IT security’ matter in local government, not often treated as a major business and service threat, with top executive and political ownership. This needs to change.”

Ross says while the numbers regarding UK local authorities are certainly disturbing, there is a silver lining.

“From our research we were encouraged to learn that the majority of councils affected were able to minimise the impact due to having a back-up system in place. But it’s disappointing that so many of them fell victim in the first place,” says Ross.

“The UK public sector needs to ensure it employs a comprehensive cyber security strategy that protects all attack vectors and surfaces, in order to keep citizen data safe and avoid potential fines for data breaches.”
