UK Councils Under Cyber Attack: The Urgent Need for a Culture of Cybersecurity and Resilience

Evangelists-Javvad MalikThe very fabric that stitches our society together — our councils and local governing bodies — is under a silent siege from cyber attacks. The recent ransomware assault on Leicester Council is  another real life cybercrime added to a growing list of attacks in the UK.

Redcar and Cleveland, Hackney, and the simultaneous cyber onslaught suffered by Canterbury, Dover, and Thanet Councils in Kent, to Gloucester City Council's stark warning of personal data potentially stolen and services disrupted should serve as a wake-up call to councils and local governing bodies to relook and improve their current cybersecurity measures as they are increasingly becoming sought after targets by cybercriminals. 

The grave reality is that these types of attacks are not mere inconveniences, but have a huge impact on all kinds of essential services like housing, disability support payments, child protection services and so much more. It can take days, weeks and even months in some instances to get systems back up and running and secure, after attacks, causing harm and creating chaos in communities, and in many cases having long lasting implications for its victims.

Hospitals, just like councils and local governing bodies, have become prime targets for cybercriminals because of the vast amounts of sensitive personal information it keeps in its systems. These institutions are some of the most important in any community, providing vital services to individuals, yet they are underfunded and operate with limited, and often undertrained, cybersecurity resources.

It then comes at no surprise that they are popular targets for cybercriminals as most hospitals, councils and local governing bodies lack in cybersecurity expertise and infrastructure, leaving it vulnerable to attacks which have the potential of severe and devastating impact. 

NCSC recently warned council chiefs that their email accounts, phones and computers will ‘almost certainly’ be targets for ‘cyber espionage operations’ before local and national elections. At the same time, TechnologyOne published findings from a survey conducted with more than 500 local authority senior managers and 2,000 residents in the UK, casting a revealing light on the dissonance between public perception and the stark realities faced by councils. 

So, what path lies ahead for our councils? Battling against cyber attacks is no easy feat, even large and well-funded organisations struggle to keep attackers at bay. While more budget and investment into technology is always needed, it’s not always forthcoming. 

But if we look at it from the perspective of the attacker, we can make smarter decisions in how to better protect organisations. Social engineering, in particular phishing attacks are the most common way through which organisations are breached and ransomware is spread. So, focussing on protecting employees from social engineering attacks can be one of the most effective ways to reduce the overall risk, and at considerably less cost than upgrading all IT systems. 

Security awareness and training goes a long way, and in doing so, organisations don’t just begin to change the behaviours of individuals, but collectively build a strong cybersecurity culture which makes the entire workforce be a part of the solution. 

But building a strong security culture isn’t something that happens overnight. It needs consistent effort. Just as a single workout session produces minimal outcomes, occasional security awareness programs will not lead to lasting change. It is through persistent effort, and the nurturing of a shared responsibility that councils can create a framework of resilience.

In the fight against cyberattacks, it's becoming increasingly clear that cybersecurity is not only a technical challenge but also a cultural one which requires everyone to work together. By cultivating a strong security culture, through engaging and relevant training, all organisations can strengthen their human firewall and mitigate its internal human risk. 

In this cyber arena, success depends not on a handful of individuals, but on the combined efforts of every employee, from the frontline staff to the senior leadership. By cultivating a culture where cybersecurity is not just a requirement, but a shared belief, local governing bodies can transform their image from that of being an easy target in the eyes of criminals.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews