BBW on cyber in councils

by Mark Rowe

The quest for big data in local government is harming councils’ cyber security, claims a report by a privacy and civil liberties campaign group.

Big Brother Watch (BBW) says that councils are under cyber attack while they are accumulating sensitive and personal information about citizens. BBW claims an overwhelming failure of councils to report losses and breaches of data, as well as shortcomings in staff training. It found 25 councils experienced one or more cyber security incidents (as defined by the UK’s National Cyber Security Centre, NCSC) that resulted in the loss or breach of data – but more than half of councils (56pc) that experienced a loss or breach of data did not report it. Although human error is the main factor in making a hack successful, the investigation found that 297, some three-quarters of local authorities, do not provide mandatory cyber security training to staff. Some 62 (16pc) councils do not provide any cyber security training at all.

Jennifer Krueckeberg, Lead Researcher at Big Brother Watch said: “With councils hit by over 19 million cyber attacks every year, one would assume that they would be doing their utmost to protect citizens’ sensitive information. We are shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security. Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens.”

For the report with the full breakdown of local authorities visit the BBW website.

Comments

Stephen Burke, Founder and CEO, Cyber Risk Aware says: “It’s concerning that a large proportion of councils are not providing mandatory cyber-security training – and some are not providing any at all. Employees are on the front line when it comes to safeguarding data and it only takes one person to click on a malicious link to place the security of the entire organisation at risk.

“The role of staff awareness and education is particularly significant with the EU GDPR set to come into force. It’s more important than ever for all organisations to take measures to educate staff on the basics of good cyber security, from how to spot potential phishing emails to how to report anything that doesn’t look genuine. Through regular simulated attacks on staff, it maintains a very high level of awareness because at an emotional level, people don’t like feeling they have been caught out and therefore try hard not to feel that way again. It has the great effect of rapidly reducing the risk of a user falling victim to a phishing email.”

Raj Samani, Chief Scientist and Fellow at McAfee, said: “One of the greatest concerns around today’s news that such a great number of council computer systems have been breached is the previous lack of communication around these attacks. Unless made aware, potential victims – the citizens that they’re serving – are unable to protect themselves, whether by changing passwords or more closely monitoring for instances of fraud.

“That said, we will gain nothing by pointing the finger at the IT and security teams. Managing the growing and evolving against a background backdrop of squeezed budgets, local authorities are having to make difficult choices about where their investments should be made. Unfortunately, few public sector organisations have the budget to invest in greater human resources to combat the growing cyber threat. Instead, IT and security teams are having to take more intelligent approaches to solving the problem. One way is through automating certain processes, removing simple repetitive activities that enable them to put their energy into planning their defences against the wider threat landscape.”

And Dave Palmer, Director of Technology at Darktrace said: “This scale of unwanted attention is just a part of doing business in today’s digital world. Cyber-attackers are constantly trying to get into organizations’ networks, and this volume of attempted cyber-attacks is the equivalent of would-be burglars rattling your doors and windows. Overwhelmingly, such attempted attacks and scans will be stopped by protective defences, but because of constant criminal innovation you should always assume that it’s inevitable that small numbers of attacks will get in. In light of this, organizations need to be confident that they will be able to detect and stop attacks once they’re inside the business, before they can become a crisis.”
