Cyber security across local councils is ‘disjointed and under-resourced’

Padlock on computer keyboard

In the wake of the coronavirus (Covid-19) pandemic, we’ve been spending more time online. As a result, more of our personal data is also online. There’s also been an increase in certain kinds of cyber attacks since the start of the pandemic. According to an Interpol report, cybercriminals are beginning to target “corporations, governments and critical infrastructure”.

And this is affecting councils in the UK too. Because, as reported by Alex Scroxton in, Freedom of Information (FoI) requests show:

UK councils reported more than 700 data breaches to the Information Commissioner’s Office (ICO) during 2020

But the damage is not limited to councils. Because a number of healthcare providers have also been hit by similar data breaches.

Damage done

The FoIs were disclosed to security services provider Redscan. In Scroxton’s article, he explained:

Redscan received responses from over 60% (265 of 398) of borough, district, unitary and county councils in England, Scotland, Wales and Northern Ireland,

The security company found evidence that UK local government cyber security is “by and large, disjointed and under-resourced”. And responsibility for local government rests with central government. According to a report commissioned by the Local Government Association (LGA), as of 2020, “local authorities will have faced a reduction to core funding from the Government of nearly £16 billion over the preceding decade”. Meanwhile the data of private citizens is at risk.

Read on...

So these are real concerns. Because according to Redscan’s chief technology officer Mark Nicholls:

Every council has thousands of citizens depending on its services daily. Going offline due to a cyber attack can deny people access to critical services. To minimise the impact of data breaches, it is important that councils are constantly prepared to prevent, detect and respond to attacks.

However, according to Nicholls:

While our findings show that councils are taking some steps to achieve this, approaches vary widely and, in many cases, are not enough.

So because data held by councils is at risk from cybercriminals, people need assurances that their data is safe.

Previous attacks on councils

Unfortunately, data breaches are far from uncommon. As reported by The Canary in June 2020, a subsidiary of Kent County Council, Kent Commercial Services (KCS), was hit by a ransomware attack. The attackers sent KCS a ransom note demanding £800k in Bitcoins.

Ransomware is software used by cybercriminals to gain access to information on computers. The criminals ensure the computer is inaccessible so they can steal, delete, or encrypt that information. Cybercriminals then ask the computer user to pay a ransom to get the information back.

In February 2020, Redcar and Cleveland Council suffered a similar attack to KCS. That meant over 135,000 UK residents didn’t have access to online public services for almost one week. That included services related to social care and housing complaints. According to 10 councils, including Redcar and Cleveland, reported disruption to daily operations in 2020 as a result of a breach or ransomware attack.

Attacks on healthcare

In May, an Edinburgh mental health clinic was hit by a phishing scam. The scammers were able to access email addresses. Also in May, “a gaping security hole” was discovered in the NHS’ vaccination booking website. This “hole” could have been used “to find out whether someone has received a jab”.

On 14 May this year, the Irish Health Service Executive (HSE) also suffered a ransomware attack. The Irish government says it didn’t pay a ransom. However, the HSE chief executive estimated the attack could have a human costs as well as a cost of around €0.5bn.

Protect our data

These data breaches and attacks on councils and healthcare reveal how vulnerable personal data can be. It also highlights that in a world of increasing online presence, we need to be extra vigilant about where and with whom we share our data. But ultimately, the onus of ensuring local councils are fully resourced to manage our data is on the government.

Featured image via Unsplash – FLY:D

We need your help to keep speaking the truth

Every story that you have come to us with; each injustice you have asked us to investigate; every campaign we have fought; each of your unheard voices we amplified; we do this for you. We are making a difference on your behalf.

Our fight is your fight. You’ve supported our collective struggle every time you gave us a like; and every time you shared our work across social media. Now we need you to support us with a monthly donation.

We have published nearly 2,000 articles and over 50 films in 2021. And we want to do this and more in 2022 but we don’t have enough money to go on at this pace. So, if you value our work and want us to continue then please join us and be part of The Canary family.

In return, you get:

* Advert free reading experience
* Quarterly group video call with the Editor-in-Chief
* Behind the scenes monthly e-newsletter
* 20% discount in our shop

Almost all of our spending goes to the people who make The Canary’s content. So your contribution directly supports our writers and enables us to continue to do what we do: speaking truth, powered by you. We have weathered many attempts to shut us down and silence our vital opposition to an increasingly fascist government and right-wing mainstream media.

With your help we can continue:

* Holding political and state power to account
* Advocating for the people the system marginalises
* Being a media outlet that upholds the highest standards
* Campaigning on the issues others won’t
* Putting your lives central to everything we do

We are a drop of truth in an ocean of deceit. But we can’t do this without your support. So please, can you help us continue the fight?

The Canary Support us