
Are UK councils prioritising data collection over security?

23 Feb 2018

A scathing report from Big Brother Watch paints a pretty bleak picture of UK councils’ approach to cybersecurity.

According to Big Brother Watch, UK local authorities have experienced in excess of 98 million cyberattacks over the last five years, which means there are at least 37 attempted breaches of UK local authorities every minute.

Furthermore, one in four councils experienced an actual security breach between 2013 and 2017.

This is especially concerning when one considers how much data they actually hold. Local authorities are building ever-expanding troves of personal information about citizens and, under the banner of data-driven government, are actively seeking to gather more and more.

The statistics from Big Brother Watch give rise to the question: is cyber security being appropriately prioritised by local authorities, or is more data collection the main focus of their digital strategies?

Barracuda Networks senior vice president of international sales Chris Ross says they were interested to see the report from Big Brother Research.

“This mirrors the findings from our own FoI report, which we conducted last year, which found that more than a quarter (27 percent) of UK councils have fallen victim to a ransomware attack in particular,” says Ross.

“As the UK public sector continues its cost-saving push towards bringing ever more services online, an inevitable consequence is the volume of data on offer to hackers has increased.”

Big Brother uncovered a number of startling findings, including the fact that despite the constant threats and actual breaches, 75 percent of local authorities do not provide mandatory training in cybersecurity awareness for staff and 16 percent don’t provide any training at all.

And of the 114 councils that experienced a breach and failed to protect data from cybercriminals in the last five years, more than half (56 percent) did not even report the incident.

Big Brother Watch says this is simply not good enough and drastic changes need to be made.

“Councils need to play their part in the UK’s data ecosystem and do their best to prevent successful cyberattacks. With the risk only increasing over time, it is crucial that they act now before serious harm is done,” the report states.

The group quotes a policy briefing provided by the Society of Information Technology Management:

“Cyber resilience is generally seen as an ‘IT security’ matter in local government, not often treated as a major business and service threat, with top executive and political ownership. This needs to change.”

Ross says while the numbers regarding UK local authorities are certainly disturbing, there is a silver lining.

“From our research we were encouraged to learn that the majority of councils affected were able to minimise the impact due to having a back-up system in place. But it’s disappointing that so many of them fell victim in the first place,” says Ross.

“The UK public sector needs to ensure it employs a comprehensive cyber security strategy that protects all attack vectors and surfaces, in order to keep citizen data safe and avoid potential fines for data breaches.”
