Guest blog:Local authorities need a shift in mindset to be cyber aware

2018 hasn’t been a good year for local authorities in terms of cybersecurity after reports highlighted that they are unprepared to deal with cyber attacks and that many continue to use out of date and vulnerable software.

Numerous data breaches also made the headlines raising concerns that local councils are falling behind when it comes to implementing effective cybersecurity.

According to Big Brother Watch’s Cyber-attacks on local authorities report there were 98 million cyber-attacks aimed at local authorities over the last 5 years. Meaning that there are at least 37 attempted breaches of UK local authorities every minute. In addition, at least 1 in 4 councils experienced a cybersecurity incident – that is, an actual security breach - between 2013 – 2017.

A combination of budgetary constraints and the inability to attract and retain cyber talent play a part in why local authorities are being successfully attacked, however, the lack of leadership when it comes to implementing the basics plays a far greater role.

According to GCHQ studies, 80-90% of economic loss due to cybercrime is a result of organisations neglecting basic best practice. Statistics show that far too many councils are not giving employees basic awareness training on the threats they face.

What's more, while these council data breaches aren't necessarily about any significant financial gain for cybercriminals, they do highlight the important question of just how secure all levels of government are; the entire ecosystem, from central departments to local council.

Basic best practice

We know how hard it can be when dealing with a threat that's always growing and evolving, but councils have had plenty of warning when it comes to the cyber risks they face. However, it needn't be difficult to take effective steps to counter the threat, and security shouldn't have to cost the earth to implement.

We urgently need a shift in mindset when it comes to security. Organisations need to stop wondering if a cyber incident will happen to them, and acknowledge instead that it's actually a case of when it will happen. Robust training can address the most common weak point for many organisations, their employees' knowledge of cyber, but common sense is our biggest ally

when it comes to cybersecurity. Doing the absolute basics – even if we do nothing else – will deliver tangible benefits.

Every council trains its employees in health and safety procedures, but very few provide training in basic cybersecurity. According to the report from Big Brother Watch, while three-quarters of councils do offer training but it's not mandatory.

The challenge involved in changing people's attitudes towards cyber security is a big one. It hasn't helped that, for many years, some areas of the cybersecurity industry have made it out to be a dark art full of mysticism. Perceiving cybersecurity as a scary and dark art, most people will try to avoid it as they don't believe that they can do anything to change the situation.

In reality, we need to remember that hacking has become easier than ever thanks to the release of mass-produced exploitation kits that are readily available to anyone with a Tor browser, access to the Dark Web and some bitcoins. But as with most criminals, hackers prefer easy targets. The chances are high that if you have some basic security software installed and have kept your machine up to date with the latest patches, a hacker will pass you by as they seek out easier prey. The same rules apply online as well as offline.

As the guardians of our services, defences and the prosperity of our nation, governments need to be taking basic security far more seriously. It's not hard, or necessarily expensive; it just needs doing. Make yourself an easy target, and you will become a victim.

Share this

FROM SOCIAL MEDIA

Don't miss our flagship public services conference #techUKSmarterState 2019 on 18 September! Learn about the future… https://t.co/TPKdKkTc2V
Sabina Ciofu (@SabinaCiofu), techUK's Head of EU Policy, looks at what new European Commission President Ursula von… https://t.co/gUGsMN8MR2
Bookings are now open for #Supercharging 2019! Join us on 06 November in Manchester where we'll be looking at the i… https://t.co/XZzMPEexQn
@craigmelson Programme Manager for Digital Devices, Environment and Compliance and Consumer Electronics, discusses… https://t.co/dptyFfIATo
@coada Managing Director UK & Ireland @googlecloud discusses how a multi-cloud approach can help businesses to capt… https://t.co/RsvG7tKgbi
Guest blog: Sundip Bhatnagara from @AccentureUK discusses how to unlock the trapped value in cloud. Take a read her… https://t.co/JMzoFQjVcA
Guest blog: Chris Cook at @Garnet8Ltd discusses how cloud computing can act as an enabler to maximise the value of… https://t.co/XYdcO1SHGN
techUK's Associate Director of Policy, Giles Derrington (@G_Derrington), looks at the new report into the impacts o… https://t.co/dLpIsfYXQn
As we prepare to leave the EU, we must ensure that the future immigration system reflects the needs of UK businesse… https://t.co/nn0l710zWp
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...