The government is a well-known target for cyber criminals, but according to a new report, the problem is more significant than many people thought.
Big Brother Watch’s Cyber-attacks in local authorities found that UK councils faced 98 million cyber attacks between 2013 and 2017, and a quarter of incidents led to data breaches. This equates to 24.5 million successful cyber attacks and, in all likelihood, hundreds of millions of citizens’ data records being exposed.
The report also found that:
- 56% of councils that were breached said they didn’t report the incident;
- 75% said they don’t provide mandatory cyber security awareness training; and
- 16% said they don’t provide any form of cyber security training.
Commenting on the report, Jennifer Krueckeberg, lead researcher at Big Brother Watch, said: “With councils hit by over 19 million cyber attacks every year, one would assume that they would be doing their utmost to protect citizens’ sensitive information. We are shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security.
“Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens.”
Pat Walshe, director of data protection consultancy Privacy Matters, added: “The Big Brother Watch report reveals inconsistent approaches to safeguarding personal and sensitive data held by local authorities. It highlights the pressures faced by local authorities in a world of diminishing resources but increasing demands. It will be important that local authorities receive appropriate support moving forward.”
Commit to cyber security training
Staff training is an essential part of any organisation’s cyber security programme. It can be hard work putting in place a comprehensive course from scratch, so many organisations invest in programmes such as our Information Security Staff Awareness E-Learning Course.
This course will familiarise your employees with the basics of information security, including security threats via email, the Internet and the workplace. It will also introduce them to your policies on incident reporting and responses.
The subject matter isn’t technical, as the course is aimed at anyone who processes information or uses information technology in their job.