Local councils have had an immensely trying year and a half. Alongside the pressures forced upon them by the COVID-19 pandemic, local councils are also coming under increasing attack from cybercriminals who are looking to hack systems and extract information and money from local authorities through ransomware.
The complexity and unique nature of these attacks make them especially disruptive to the operations of local councils, causing millions of pounds of damage as well as inconveniencing local residents and putting their data at risk.
The Information Commissioner’s Office revealed that in 2020 alone councils across the UK reported more than 700 data breaches, that's around two data breaches a day. Of these many had their operations disrupted as a result of breaches or ransomware. One such council, the London Borough of Hackney, was left reeling from the attack for six months, with some aspects of land searches and the processing of changes to existing benefit and council tax claims and payments still affected.
Redcar & Cleveland Council was the first English council to receive a government grant towards expenditure directly attributable to recovery from a ransomware attack, amounting to £3.7m. And the attacks on local councils are only likely to increase.
One of the things that makes local government so susceptible to these attacks is the fact that so many are operating on legacy IT systems due to financial pressures. This means they are reliant on outdated infrastructure that is maintained and repaired in a “keep the lights on” way, rather than replaced with modern digital systems. Any information system that doesn’t get regularly updated becomes low-hanging fruit for cybercriminals and vulnerabilities in outdated software can grant easy, backdoor access to the rest of the council’s IT systems.
Older IT systems tend to lack the latest security protections and controls, as vendors stop security patching and supporting certain software. A recent Cabinet Office report found that the government spends £2.3bn on patching up systems, some of which date back 30 years or more. The report contained a star warning that government could end up spending between £13bn and £22bn over the next five years on obsolete systems unless they took action.
But amongst the worrying figures outlined by the Cabinet Office, are also some recommendations for change; such as reducing reliance on legacy IT in government at all levels, moving away from costly, insecure and unreliable technology and laying the foundations for future digital transformation.
Since 2011 the Government has been on a mission to make interactions between citizens and government "digital by default", measures for which include migrating legacy technology platforms to lower cost, more scalable, Cloud-based infrastructures.
Cloud-based systems have many benefits that legacy systems do not, they enable rapid, secure and cost-effective scaling of services and security vulnerabilities can be patched immediately at data centres, minimising resource costs and downtime.
At a time when local government has never been more vulnerable to cyberattacks and their impact on services and finances it is more important than ever that systems are updated with the latest security protections.
That’s why at TechnologyOne we have lifted all of our local authority Software as a Service (SaaS) customers to government strength cybersecurity protection, significantly surpassing the current security guidelines and government standards set for SaaS providers. In meeting the stringent Australian Federal Government IRAP security standard all of our UK Council and University customers have protection surpassing that recommended in the UK National Cyber Security Centre principles and guidelines.
Customers can safely and securely interact with their data to facilitate digital transformation upgrades; get ahead of the next series of global security and compliance standard uplifts that are currently underway and meet the most stringent government and jurisdictional policies and standards.
Our customers, like Huntingdonshire District Council, have not only found the security protections of TechnologyOne’s OneCouncil system to be beneficial but digitally transforming the finance operations has freed up much more time for council members to spend on valuable work, rather than moving in and out of different spreadsheets and legacy financial systems.
Ultimately, says Conwy County Borough Council by digitally transforming business management systems, councils can reduce in-house IT support costs, as maintenance, data storage, security and software upgrades are carried out remotely, in the cloud, by TechnologyOne.
Still reeling from the impact of COVID-19, and looking ahead to an ever growing threat landscape, these benefits will be more important than ever.
Tony Robertson, Director, Cloud Capacity & Compliance at TechnologyOne
This article was sponsored by TechnologyOne