Guest blog:Local authorities need a shift in mindset to be cyber aware

2018 hasn’t been a good year for local authorities in terms of cybersecurity after reports highlighted that they are unprepared to deal with cyber attacks and that many continue to use out of date and vulnerable software.

Numerous data breaches also made the headlines raising concerns that local councils are falling behind when it comes to implementing effective cybersecurity.

According to Big Brother Watch’s Cyber-attacks on local authorities report there were 98 million cyber-attacks aimed at local authorities over the last 5 years. Meaning that there are at least 37 attempted breaches of UK local authorities every minute. In addition, at least 1 in 4 councils experienced a cybersecurity incident – that is, an actual security breach - between 2013 – 2017.

A combination of budgetary constraints and the inability to attract and retain cyber talent play a part in why local authorities are being successfully attacked, however, the lack of leadership when it comes to implementing the basics plays a far greater role.

According to GCHQ studies, 80-90% of economic loss due to cybercrime is a result of organisations neglecting basic best practice. Statistics show that far too many councils are not giving employees basic awareness training on the threats they face.

What's more, while these council data breaches aren't necessarily about any significant financial gain for cybercriminals, they do highlight the important question of just how secure all levels of government are; the entire ecosystem, from central departments to local council.

Basic best practice

We know how hard it can be when dealing with a threat that's always growing and evolving, but councils have had plenty of warning when it comes to the cyber risks they face. However, it needn't be difficult to take effective steps to counter the threat, and security shouldn't have to cost the earth to implement.

We urgently need a shift in mindset when it comes to security. Organisations need to stop wondering if a cyber incident will happen to them, and acknowledge instead that it's actually a case of when it will happen. Robust training can address the most common weak point for many organisations, their employees' knowledge of cyber, but common sense is our biggest ally

when it comes to cybersecurity. Doing the absolute basics – even if we do nothing else – will deliver tangible benefits.

Every council trains its employees in health and safety procedures, but very few provide training in basic cybersecurity. According to the report from Big Brother Watch, while three-quarters of councils do offer training but it's not mandatory.

The challenge involved in changing people's attitudes towards cyber security is a big one. It hasn't helped that, for many years, some areas of the cybersecurity industry have made it out to be a dark art full of mysticism. Perceiving cybersecurity as a scary and dark art, most people will try to avoid it as they don't believe that they can do anything to change the situation.

In reality, we need to remember that hacking has become easier than ever thanks to the release of mass-produced exploitation kits that are readily available to anyone with a Tor browser, access to the Dark Web and some bitcoins. But as with most criminals, hackers prefer easy targets. The chances are high that if you have some basic security software installed and have kept your machine up to date with the latest patches, a hacker will pass you by as they seek out easier prey. The same rules apply online as well as offline.

As the guardians of our services, defences and the prosperity of our nation, governments need to be taking basic security far more seriously. It's not hard, or necessarily expensive; it just needs doing. Make yourself an easy target, and you will become a victim.

Share this

FROM SOCIAL MEDIA

A full list of our recent events is here: https://t.co/0R30jnHjDG A big thanks to everyone who helped us along th… https://t.co/zGzO3wANtM
And we entered the festive season with a discussion about the Government’s new Vision for Digital Health and Care w… https://t.co/5ZWpHJHW3I
And as the nights closed in, we launched #Manifesto4Matt with 250+ people at our Industry Dinner. @MattHancock welc… https://t.co/c9WPSsGtNo
We began November with a Supplier Development Day to help companies to get on to @NHSEngland 's HSS Framework. 62 c… https://t.co/X1sCp8FbYZ
In October we headed to Liverpool to explore just how much 5G could transform the health and social care sector to… https://t.co/3WXKUkScmX
At the start of Sept we decamped to Manchester for @ExpoNHS and hosted two insightful discussions with… https://t.co/sbOD1ImvBt
In August we hosted 6x GPIT Futures webinars with @NHSDigital ... and at the end of the month co-hosted a fascinati… https://t.co/9aXgmRtJgv
In July some quick-footed players took a break from the World Cup to display their agility and skills at an interac… https://t.co/bglCKYBpB5
In June we were joined by @NHSDigAcademy CEO @ukpenguin Rachel Dunscombe and @NHSCCIO to set out concrete steps on… https://t.co/hhkA5km1Ea
We kicked off May with @TJamesHawkins @NChishick @JamesTnorman leading our @NHSDigitalbriefings; and enjoyed pizza… https://t.co/ltam2iTXvh