Industry Talk

Regular Industry Development Updates, Opinions and Talking Points relating to Manufacturing, the Supply Chain and Logistics.

Facing the cybersecurity threats within UK local government

Technology is now at the heart of the UK public sector – especially local government.

It is a critical catalyst for driving innovation and has the potential to simplify, optimise and enrich the delivery of products and services.

Furthermore, the increased operational efficiency of digital platforms offers not only the promise of freeing up scarce human resources for frontline services, but also delivering those services amidst tighter budgets.

Unfortunately, with such substantial rewards on offer, the risks are numerous and sustained.

 

Phishing and social engineering

Phishing attacks remain the biggest threat to councils with 75% stating it is the most common type of cyber-attack experienced. This compares to 84% of businesses and 83% of charities.

These attacks typically involve sending fraudulent emails or messages designed to trick recipients into clicking on malicious links or opening attachments. Once compromised, attackers move to gain access to sensitive information, such as login credentials, personally identifiable information (PII), and financial data.

These phishing attacks are highly targeted and often exploit current events or vulnerabilities in popular software. They can be difficult to detect, especially when they come from seemingly legitimate sources.

 

Ransomware

Ransomware attacks have become sophisticated and widespread. Attackers encrypt data and demand payment in exchange for decryption. If the ransom is not paid, the data may be lost or sold.

December 2021 saw Gloucester City Council hit by a targeted ransomware attack which encrypted its servers.  This has an immediate operational impact as the attack temporarily prevented the council from providing services which relied on the data.

Earlier this year, the Information Commissioners Office (ICO) reprimanded London Borough of Hackney following a cyber-attack in 2020 that led to hackers accessing, then encrypting 440,000 files, affecting at least 280,000 residents.

 

A lack of response

Perhaps most worrying however, is that in recent research undertaken by Gatewatcher, we found that some local government organisations cannot determine the number of attempts regarding phishing and ransomware.  This is because they cannot investigate all attempts – thus making it impossible to distinguish between types of genuine cyber-attack attempts.

Whilst a lack of successful phishing or ransomware attacks is a measure of success, it means that the exposure to risk remains constant. It is not reduced.

Our experience is not the only cause for concern.  Research commissioned by ERP provider TechnologyOne, that surveyed more than 500 senior managers at local authorities across the UK, found that only a quarter ranked cybersecurity in their top three priorities. 26% acknowledged they have made “no progress” on upgrading cybersecurity and 59% said their approach is outdated.

The question is therefore how best to address this risk as quickly as possible. Network Detection and Response (NDR) technology that provides real-time visibility into network traffic has rapidly become one of the leading options for consideration.

 

NDR as part of the portfolio

When combined with artificial intelligence (AI), NDR can analyse vast amounts of data to identify patterns and anomalies that may indicate a cyberattack. This enables security teams to detect and respond to threats more quickly and efficiently.

NDR makes it easier to identify and investigate suspicious behaviour and AI-powered NDR can automate certain response actions, as well as gathering valuable threat intelligence. Alongside a comprehensive cybersecurity strategy spanning user education, multi-factor authentication and effective incident response plans, local government can be better placed to mitigating the impact of the phishing and ransomware attacks that constitutes so much of the threat they now face.