The latest Big Brother Watch report has found that more than 25% of UK councils have had their computer systems breached in the past five years. The report, which was based on Freedom of Information requests, found that 114 councils had experienced at least one incident between 2013 and 2017. The data also put the number of cyber-attacks on local authorities, which hold the data of millions of residents, at 98 million between 2013 and 2017. This amounts to 37 attacks every minute.
Full Story Here: http://www.bbc.co.uk/news/uk-43121581
Commenting on the news are Paul Edon, director at Tripwire and Javvad Malik, security advocate at AlienVault:
Paul Edon, director at Tripwire:
The truth of the matter is that many organisations, not just councils, remain unprepared for a cyber attack. It’s difficult to prepare for something you don’t understand, can’t visualize, and haven’t experienced.
You would have hoped that the devastation caused by NotPetya and WannaCry would have triggered an instant reaction for organisations to get their security in order. This isn’t the case.
To get security right, organisations need to get the basics right. Start by understanding the risk you have. You must conduct regular, preferably continuous, assessments of configuration and vulnerability risk across your IT systems. Then ensure systems are regularly patched and upgraded.
Following these basic security hygiene rules will go a long way to making your systems secure and the attackers’ job more difficult.
Javvad Malik, security advocate at AlienVault:
It’s not surprising to hear of any company, government office or council being attacked. If a system is online, it will likely be attacked or probed in some way or another. However, it is important that these councils, and indeed enterprises of all sizes, are prepared with not only defensive controls, but have in place good monitoring in order to be able to detect where a breach may have occurred, so that appropriate response measures can be taken.
Staff training should also not be overlooked, particularly as the deadline for GDPR looms close and any breaches of personal information will be scrutinized more closely.