Local authorities are sitting ducks for cyber attacks

A new study reveals that local authorities in the UK have been the target of an estimated 98 million cyber attacks in the last five years, constituting an average of 37 attacks every minute.

Research by privacy campaign group Big Brother Watch found that 25 local councils had been compromised by cyber attacks. The group said their findings represented an ‘overwhelming failure’ by councils to implement effective cybersecurity policies and suggested that local authorities nationwide will need to rethink training and preventative strategy to combat the growing threat from online attacks.

The majority of effective attack techniques surveyed used a phishing email technique to trick staff into handing over confidential data, such as passwords. The campaign group says this underlines the reality that human error is the biggest threat to a group’s cybersecurity.

Local councils were also found to be the group most imitated in phishing emails aimed at the general public, due to their trustworthy image.

According to the study, three in four councils do not provide the mandatory cybersecurity training to staff, with 16 per cent not providing any training at all. Meanwhile, a majority of 56 per cent of councils were found to not report data breaches when they occur. Some 25 per cent of councils have faced breaches to their computers since 2013, with a total of 25 experiencing a loss or breach of sensitive data as a result of these attacks.

Public sector must act ‘to protect citizens’

In the wake of the findings, Big Brother Watch spokesperson Jennifer Krueckeberg said the campaign group was ‘shocked’ by the findings and she has called on councils to ‘take urgent action and make sure they fulfil their responsibilities to protect citizens.’

A spokesman for the Local Government Association has however moved to reassure the public by saying that councils are liaising with the National Cyber Security Centre to ensure that their security systems ‘are as robust and resilient as possible.’ He also emphasized the low level of harm done by most of the 19.5 million estimated annual cyber attacks aimed at councils, stating: ‘Very few of these attacks actually manage to breach the firewalls or scanning systems in place.’

Cybersecurity scientist Raj Samani says that the findings underline the high threat posed to public sector bodies by cyber crime in light of a lack of funding.

He said: ‘The public sector is an increasingly popular target for cyber criminals. Its ample sensitive data provides large-scale opportunities to cause havoc . . . It is no secret that our public sector is grappling with significant budgeting challenges. On top of this, new strains of malware are being developed every day. It is therefore essential that security remains a key priority’.

Sign-up to our weekly cybersecurity news digest

Want to read more stories like this? Our weekly news digest helps to keep you up-to-date with cybersecurity news stories relevant to the legal sector.

Sign up to our email list 

Maximise your Law Society membership with My LS