A freedom of information request by privacy campaign group Big Brother Watch has revealed the shocking statistic that a quarter of all UK councils have had their IT systems breached in the past five years.
37 Attempted Cyber Attacks Every Minute
The ‘Cyber Attacks In Local Authorities’ report from Big Brother Watch shows that local governments are subject to cyber attack attempts at the staggering rate of 37 per minute!
Thankfully, only a tiny fraction of the attacks launched are successful although this still represents a serious problem. For example, 114 councils experienced at least one incident between 2013 and 2017.
The nature of the work of UK Councils is such that they hold a large amount of up-to-date personal data for people in their areas, so one successful breach can have very serious consequences.
Not Disclosing Breaches
One particularly worrying aspect of council behaviour exposed by the report is that, from the data gathered, few seem to have reported losses and breaches of data, which is something that organisations will be required to do within 72 hours under GDPR when it comes into force in May.
Human Error – Training Needed
As in so many companies and organisations, human error is often a factor in breaches. In 2015, for example, Big Brother Watch has exposed how local authorities committed 4 data breaches a day, all thought to be predominantly caused by human error.
Big Brother Watch has also revealed that that, despite the number and seriousness of the breaches, little action has been taken by UK councils to increase staff awareness and education in matters of cyber security and data protection. For example, it has been disclosed that 75% of local authorities do not provide mandatory training in cyber security awareness for staff, and that16% do not provide any training at all!
What Does This Mean For Your Business?
Some commentators have been quick to point out that bearing in mind how much sensitive data councils hold about citizens, and the incredible amount of attempted cyber attacks against them, they could be making more of an effort and an investment to beef-up security.
Other commentators have noted that cuts to council budgets e.g. with austerity measures may have played their part in limiting cyber security effectiveness in UK councils.
After the shocking findings of the report, Big Brother Watch issued some recommendations to local authorities which could very well apply to other businesses and organisations. These are:
- Cyber security should be prioritised, and that rather than investing too much in surveillance technologies, more should be invested in cyber security strategies and in the training of staff.
- Cyber security incidents should be consistently reported, and that a protocol needs to be established so that incidents are reported quickly and to the right authorities e.g. the police, the ICO, and the National Cyber Security Centre.
- All staff should receive mandatory training in cyber security because Cyber attacks are not only designed to breach computer systems, but also to exploit humans who are often the weakest cyber security link.