Story image

Are UK councils prioritising data collection over security?

23 Feb 18

A slamming report from Big Brother Watch paints a pretty bleak picture of UK councils’ approach to cybersecurity.

According to Big Brother Watch, UK local authorities have experienced in excess of 98 million cyberattacks over the last five years, which means there are at least 37 attempted breaches of UK local authorities every minute.

Furthermore, one in four councils experienced an actual security breach between 2013 and 2017.

This is especially concerning when one considers how much data they actually hold. Local authorities are building ever-expanding troves of personal information about citizens and under the banner of data-driven government are seeking to actively gather more and more.

The statistics from Big Brother Watch gives rise to the question, is cyber security being appropriately prioritised by local authorities or is more data collection the main focus of their digital strategies?

Barracuda Networks senior vice president of international sales Chris Ross says they were interested to see the report from Big Brother Research.

“This mirrors the findings from our own FoI report, which we conducted last year, which found that more than a quarter (27 percent) of UK councils have fallen victim to a ransomware attack in particular,” says Ross.

“As the UK public sector continues its cost-saving push towards bringing ever more services online, an inevitable consequence is the volume of data on offer to hackers has increased.”

Big Brother uncovered a number of startling findings, including the fact that despite the constant threats and actual breaches, 75 percent of local authorities do not provide mandatory training in cybersecurity awareness for staff and 16 percent don’t provide any training at all.

And of the 114 councils that experienced a breach and failed to protect data from cybercriminals in the last five years, more than half (56 percent) did not even report the incident.

Big Brother Watch says this is simply not good enough and drastic changes need to be made.

“Councils need to play their part in the UK’s data ecosystem and do their best to prevent successful cyberattacks. With the risk only increasing over time, it is crucial that they act now before serious harm is done,” the report states.

The group quotes a policy briefing provided by the Society of Information Technology Management:

“Cyber resilience is generally seen as an ‘IT security’ matter in local government, not often treated as a major business and service threat, with top executive and political ownership. This needs to change.”

Ross says while the numbers regarding UK local authorities are certainly disturbing, there is a silver lining.

“From our research we were encouraged to learn that the majority of councils affected were able to minimise the impact due to having a back-up system in place. But it’s disappointing that so many of them fell victim in the first place,” says Ross.

“The UK public sector needs to ensure it employs a comprehensive cyber security strategy that protects all attack vectors and surfaces, in order to keep citizen data safe and avoid potential fines for data breaches.”

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.