Over 75% of UK councils hit with malware over the past year

Report - senior leaders say their current IT systems lack the capability to deal with new cyber threats

Malware

Over 75% of UK local councils and public bodies have been hit by cyberattacks over the past 12 months, according to new research by software security firm Malwarebytes.

The 38 local authorities surveyed said that legacy systems had become a major cause of concern, with 72% of survey respondents adding that it's particularly difficult to integrate new services and applications, leaving them exposed to emerging cyber threats.

Councils have become a key targeted for cybercriminals, according to the report, with 75.8% of authorities having fallen victim to malware, viruses or Trojans over the past year, while 50% said they have experienced a ransomware attack during the same period.

As a result, one-third of senior council officials said they had little confidence in the ability of their current systems to identify and remove suspicious traffic, and that there was no protection against zero-day vulnerabilities often exploited with ransomware.

Criminals have started to shift away from attacking large companies with sophisticated cybersecurity measures, towards relatively vulnerable public bodies that often hold vast amounts of personal data behind weak defences.

Advertisement
Advertisement - Article continues below

In May the NHS was one of those many public services brought to its knees by the WannaCry ransomware campaign, while in 2016, Lincolnshire City council was hit by similar ransomware after its systems were infected through a simple email phishing scam.

The UK parliament was also hit by a "sustained" cyber attack in June, in which 90 email accounts belonging to MPs were accessed. The resulting investigation led security experts to suspect the attack was state-sponsored, most likely originating in Russia.

Although 21 million has been put aside to help upgrade computer systems within the NHS to defend against WannaCry-style attacks, the majority of UK councils remain at risk. As a result, there is a general lack of understanding when it comes to cyber threats and how to deal with them at the local government level, according to the report.

In a separate report published in July, it was found that over 60% of Scottish councils had been targetted by criminals since 2014, with Aberdeen City Council being one of the hardest hit with 12 successful cyber attacks. Of the 19 incidents revealed through a freedom of information request, only 9 were reported to the police, according to the Scotsman.

"It's clear from these findings that there is widespread awareness of the threat of cyber-crime amongst high-ranking local government officials but many are not yet confident in their ability to deal with it," said Anthony O'Mara, VP EMEA at Malwarebytes.

"A lack of faith in legacy systems has led to a massive crisis in confidence within local government, which only adds to the vulnerability of these organisations," added O'Mara. "This, combined with a very noisy vendor marketplace, has meant many high-ranking government officials are now left confused as to how to best deal with these threats."

The UK government announced last year it would be spending 1.9 billion to shore up defences in UK infrastructure considered vulnerable to cyber attacks. As part of that investment, a National Cyber Security Centre was established which is working to "significantly enhance the UK's ability to deal with the full spectrum of cybersecurity threats," according to Prime Minister Theresa May.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

8 Mar 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019