We are hearing more and more in the press recently about local government bodies falling victim to cyber-attacks. A large majority are likely to be targeted by ransomware attacks than any other type of organisation, according to a new study by Barracuda Networks, which has looked at 71 global ransomware incidents over the last 12 months.
Cyber criminals reportedly attacked UK local authorities more than 800 times an hour in 2019 and this year appears to be no different, with high profile cyberattacks on several of the country’s local councils including Hackney and Redcar and Cleveland.
But why is this happening? We explore the key factors behind these attacks and what can be done to mitigate them.
Cyberattack affecting local authorities
Councils reportedly face an unprecedented number of cyberattacks on a daily basis. The majority of these are blocked before they cause too much disruption, but there have been several cases this year that have hit the headlines.
A ransomware attack in February cost Redcar and Cleveland Borough Council £10.14 million. Since the cyberattack, the council has put itself on the list of pilot authorities to enrol on a National Cyber Security Centre (NCSC) scheme. It said this will mean its cyber defences will be "far more advanced" than most other local authorities.
Hackney Council was the target of a “serious cyber-attack”, in October this year, which affected its I.T. systems and services. The chief executive of the Local Government Association warned that the consequences of a cyber-attack were ‘greater than ever’ following this attack.
Eleonora Harwich, research director at British think tank, Reform, said: “The resilience of our public services has already been tested to an unprecedented degree since the start of the pandemic. A WannaCry level attack now would be devastating, literally putting lives at risk.”
So why are local councils finding themselves the target of cybercrime?
The number of cyberattacks on local authorities has increased significantly in recent months as attackers exploit organisations left vulnerable by changes made in response to the COVID-19 crisis. Cybercriminals have taken the opportunity to prey on remote workers through phishing and other deceptive techniques.
Why are local councils particularly at risk?
A report from Reform, highlights that many councils have out-dated technologies and poor awareness of cyber security. However, there are concerns that local councils are delaying the rollout of cyber security systems in order to reduce costs despite the increased risk of hacking due to the pandemic.
Lack of training
The Reform report found that many councils are unclear about what training is required for staff.
Reform is urgently calling on the Government to mandate National Cyber Security Centre training for any council staff handling sensitive information. It also wants yearly audits to ensure that staff adhere to the latest cyber policies.
Lack of budget
Cyber criminals are well aware that local authorities have vast stores of valuable data such as personal and financial details of residents. At the same time, they generally have small budgets and limited resources compared to central government, making them an easy target.
Criminals rely on the idea that local governmental bodies will act quickly and pay a ransom demand to unlock their systems because the public depends on them for essential services. However, there is no guarantee that, even after paying a ransom, the data will be able to be recovered or that criminals will not strike again.
Lack of knowledge
A study conducted by Clearswift found that nearly half of local government workers do not know what ransomware or two-factor authentication (2FA) is. The research also found that more than three-quarters of public sector workers (77%) have been given no instruction in how to recognise ransomware.
This lack of knowledge undoubtedly makes councils more vulnerable to cyber-attacks.
How can attacks on local authorities be prevented in the future?
To protect against the increased threat local authorities are experiencing, they need to broaden their approach to cybersecurity. Continuous incremental improvements are the key to success. The right technology is important but ensuring that employees are fully aware of the risks and that the right processes are in place to mitigate threats are of are of equal importance.
In these difficult times it’s even more important for our public services to be there when they are needed. Even whilst many of us work remotely, we can’t reduce our need for vigilance and appropriate responses to reduce the risks of cyber-attacks causing damage. Claritas can assist with reviewing your current estate and situation, and offer advice that will offer the best protection for your situation.
Barry Alston, Director of Digital Services at Claritas
To find out more about how to protect your organisation from cyberattack please contact Claritas on firstname.lastname@example.org or 0845 639 9661