A quarter of UK councils 'have been hacked'

Local authorities experience 19 million cyber attacks every year, finds report

Over a quarter of all UK councils have had their IT systems breached in the past five years, according to privacy campaign group Big Brother Watch.

Freedom of information requests sent by the group found that 114 councils experienced at least one incident between 2013 and 2017, as well as more than 98 million cyber attacks on local councils in total across the country.

This amounts to 37 cyber attacks launched every minute on the local governments, with successful attempts potentially giving hackers access to the sensitive and personal information of UK citizens, said Big Brother Watch in its 'Cyber attacks in local authorities' report.

Worst yet, the report uncovers the councils' failure to report losses and breaches of data - which organisations must do within 72 hours under GDPR, though currently do not have to under UK law - as well as shortcomings in staff training.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It found that despite human error being the main factor in a successful hack, 75% of local authorities said their staff don't undergo compulsory cyber security training.

Jennifer Krueckeberg, lead researcher at Big Brother Watch, said: "With councils hit by over 19 million cyber attacks every year, one would assume that they would be doing their utmost to protect citizens' sensitive information.

"We are shocked to discover that the majority of councils' data breaches go unreported and that staff often lack basic training in cyber security. Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens."

Newcastle City Council blamed human error for a breach that saw thousands of adopted children's data leaked in an email attachment last summer, while the Information Commissioner's Office (ICO) fined Gloucester City Council 100,000 for falling foul of the Heartbleed hack in 2014.

Raj Samani, chief scientist and fellow at McAfee, criticised the councils for failing to inform citizens of breaches.

"Unless made aware, potential victims the citizens that they're serving are unable to protect themselves, whether by changing passwords or more closely monitoring for instances of fraud," he said.

Advertisement - Article continues below

"That said, we will gain nothing by pointing the finger at the IT and security teams. Managing the growing and evolving against a background backdrop of squeezed budgets, local authorities are having to make difficult choices about where their investments should be made."

Samani added that one solution to this is through automating certain processes, such as removing simple repetitive activities that enable them to put their energy into planning their defences against the wider threat landscape.

The failure of local authorities to protect against malicious online activity against them comes just after the UK's Department of Health admitted that all 200 NHS trusts assessed for cyber security vulnerabilities failed to meet the required standards, following the devastating WannaCry ransomware attack last summer.

The malware affected 300,000 computers in 150 countries in May last year, including 48 NHS trusts, also shutting down multiple hospital IT systems as well as companies and universities elsewhere.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/business/business-strategy/354304/ex-apple-cpu-architect-accuses-the-firm-of-invading-privacy
Business strategy

Ex-Apple CPU architect accuses the firm of invading privacy

10 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019