Are UK councils prioritising data collection over security?
A slamming report from Big Brother Watch paints a pretty bleak picture of UK councils' approach to cybersecurity.
According to Big Brother Watch, UK local authorities have experienced in excess of 98 million cyberattacks over the last five years, which means there are at least 37 attempted breaches of UK local authorities every minute.
Furthermore, one in four councils experienced an actual security breach between 2013 and 2017.
This is especially concerning when one considers how much data they actually hold. Local authorities are building ever-expanding troves of personal information about citizens and, under the banner of data-driven government, are actively seeking to gather more and more.
The statistics from Big Brother Watch give rise to the question: is cyber security being appropriately prioritised by local authorities, or is more data collection the main focus of their digital strategies?
Barracuda Networks senior vice president of international sales Chris Ross says they were interested to see the report from Big Brother Research.
“This mirrors the findings from our own FoI report, which we conducted last year, which found that more than a quarter (27 percent) of UK councils have fallen victim to a ransomware attack in particular,” says Ross.
“As the UK public sector continues its cost-saving push towards bringing ever more services online, an inevitable consequence is the volume of data on offer to hackers has increased.”
Big Brother uncovered a number of startling findings, including the fact that despite the constant threats and actual breaches, 75 percent of local authorities do not provide mandatory training in cybersecurity awareness for staff and 16 percent don't provide any training at all.
And of the 114 councils that experienced a breach and failed to protect data from cybercriminals in the last five years, more than half (56 percent) did not even report the incident.
Big Brother Watch says this is simply not good enough and drastic changes need to be made.
“Councils need to play their part in the UK's data ecosystem and do their best to prevent successful cyberattacks. With the risk only increasing over time, it is crucial that they act now before serious harm is done,” the report states.
The group quotes a policy briefing provided by the Society of Information Technology Management:
“Cyber resilience is generally seen as an ‘IT security’ matter in local government, not often treated as a major business and service threat, with top executive and political ownership. This needs to change.”
Ross says while the numbers regarding UK local authorities are certainly disturbing, there is a silver lining.
“From our research we were encouraged to learn that the majority of councils affected were able to minimise the impact due to having a back-up system in place. But it's disappointing that so many of them fell victim in the first place,” says Ross.
“The UK public sector needs to ensure it employs a comprehensive cyber security strategy that protects all attack vectors and surfaces, in order to keep citizen data safe and avoid potential fines for data breaches.”