Council of War

Editorial Type: Research Date: 2018-03-01 Views: 1,175 Tags: Security PDF Version:
A new and deeply disturbing report from Big Brother Watch reveals that UK councils are severely unprepared for cybersecurity threats, with 25% of these authorities experiencing a data breach in the last five years

The report, 'Cyber attacks in local authorities: How the quest for big data is threatening cyber security', reveals that, based on Freedom of Information requests made by Big Brother Watch, UK local authorities have experienced in excess of 98 million cyber-attacks in that five-year timeframe.

"This means that there are at least 37 attempted breaches of UK local authorities every minute," the civil liberties and privacy campaigning organisation reports. "In addition, at least 1 in 4 councils experienced a cyber security incident - that is, an actual security breach - between 2013-2017."

While some councils have taken measures to face the ever-growing threat from cyber-attacks, the areas of staff training and reporting of successful cyber-attacks especially need urgent attention, it adds.

"Surprisingly, our current investigation reveals that little action has been taken to increase staff awareness and education in these matters. We found that 75% of local authorities do not provide mandatory training in cyber security awareness for staff and 16% do not provide any training at all. Considering that the majority of successful cyber-attacks start with phishing emails aimed at unwitting staff, negligence in staff training is very concerning and only indicative of the low priority afforded to cyber security issues."

Big Brother Watch's findings further reveal that 25 local authorities experienced losses or breaches of data in the past five years as a result of cyber security incidents. "Yet 56% of councils who failed to protect data from cyber security threats did not even report the incidents," it adds.

Clearly, if this situation continues, the consequences for local authorities and all those whose information they hold are dire. What they need to do now, as a matter of urgency, is review their policies with a view to mitigating the risks of cyber security incidents that threaten the security of citizens' invaluable data. Anything less would be a clear breach of trust between those councils and the millions of people they are supposed to serve and whose sensitive personal data has been entrusted to them.

Brian Wall
Computing Security