A recent Freedom of Information request has highlighted the threat that is facing UK councils with 2.3 million attacks already being detected so far this year. This equates to the UK authorities facing 10,000 cyberattacks every day and is a 14 percent rise in the number of cyberattacks year-on-year.
This is a huge number and although some of these attacks are being intercepted by IT security the sheer number of attempts means inevitably some will get through. This comes at a cost with the councils paying out over £10m over the past five years which includes monies lost to hackers, legal costs and regulatory fines.
Phishing attacks remain the largest threat to councils
Phishing attacks are the largest cyber threat facing councils with three-quarters saying that it was the most common type of attack attempted against them. The fact that cybercriminals are focusing so much on phishing attacks also reflects the new challenges facing the public sector.
The pandemic and the associated changes in the way we work have impacted most sectors, but councils have probably seen some of the biggest challenges. The increase in the reliance on digital solutions combined with a workforce that is no longer tied to an office means that cybercriminals have identified an opportunity to get access to potentially hugely sensitive and valuable data.
With public sector workers now sitting outside of the office network, they are more vulnerable to being caught out by phishing attacks, some of which are now incredibly convincing. The nature of much of the work undertaken in the sector means that any breach is potentially disastrous not only to the organisation but to the public too.
Zero-trust is critical for councils to better protect data
With the threat to the public sector seemingly increasing all the time in terms of the number of attacks and the level of sophistication associated with them, we have to find new ways of keeping cybercriminals out. A recent Cost of a Data Breach report highlighted how a zero-trust approach to cyber defences can have a huge impact.
Zero-trust is where nothing inside or outside the network is taken on face value. It wraps layered, protected, AI-powered software around every user and every element in your infrastructure. It essentially means that everything coming into a user is treated as a threat until proven otherwise. In the face of such sophisticated attacks and so many sitting outside of protected layers, this seems a great option for the public sector.
The Cost of a Data Breach report also highlighted that those not deploying a zero-trust approach incurred $1 million more in breach costs on average than those who had turned to such solutions.
IT consultancies helping councils combat the cybercrime threat
The FOI request highlighted how more councils are turning to external support to help them mitigate the risk of cyberattacks. 52 percent have turned to IT consultancies and in the face of an ever-changing threat landscape bringing on board a team of experts to keep cybercriminals out will be key over the coming months.
Not only does this allow internal teams to focus on other critical areas of the organisation, but also helps to ensure that data is kept safe, frontline services are able to continue and the cost to the taxpayer is kept at a minimum. The threat from cybercriminals over the coming months is only to be increasing. Councils have to look to do more to protect the data they hold. This might be introducing new strategies such as zero-trust and/or working with IT consultancies. Councils can no longer afford to be static in their approach to cyber defences. Cybercriminals certainly are not and the levels of sophistication now being deployed in order to gain access to data mean new ways of thinking and support have to be adopted.
AJ Thompson is CCO at Northdoor plc.