76% of local government organisations suffered a cyber attack in the past year
Many IT professionals are unsure how to combat the rise in attacks
A total 87% of local government organisations have experienced a phishing attack in the past 12 months, closely followed by 76% who have experienced a malware, virus or Trojan attack, according to research into threats and opportunities across local government by Malwarebytes.
Half of respondents also reported being the victim of a ransomware attack in the past year, further underlining the scale of the challenge faced by local government.
Several organisations have experienced repeated ransomware attacks, including Barnsley Metropolitan Borough Council, which suffered 13 incidents over the last three years, and Stockport NHS Foundation Trust, which saw six attacks between 2014 and 2016.
The research surveyed senior professionals in a wide range of roles across local government. Public sector organisations in the UK are prime targets for cyber-criminals, due to the wide array of personal data they hold.
Many still use legacy IT and software solutions, meaning they can be infiltrated more easily by criminal gangs than similar-sized private sector companies.
Confidence in security is lacking
Many senior figures have admitted a lack of understanding about how to combat the rise in attacks. They are also unsure what technology is best suited to them and what exactly it's designed to counteract.
This in turn has led to a lack of confidence in a number of the solutions currently employed by local government. One-third of all respondents said they lacked confidence in their current solution's ability to protect against zero-day threats, as well as identify and remove suspicious activity.
42% of the organisations surveyed expect their current security budget to increase in 2018, indicating how seriously risk mitigation is being taken.
Although all of the organisations surveyed stated no data was stolen and no ransoms were paid, it's vital that local government seeks to adopt robust solutions to mitigate cyber security risks both before and after impact.