Sep 27, 2017Industry insights,
A quarter of local authorities hit by ransomware
It is shocking to see just how many local authorities have experienced a ransomware attack. As reported in findings from security company Barracuda, 115 councils (equating to 27% of all UK councils) have reported having ransomware attacks. In most cases, the backups have been robust enough to be able to restore the data effectively, however, it does raise the question: How does an organisation, such as a local authority, become victim to these type of attacks in the first place? Considering each local authority is thought to store on average 6TB of data, which will obviously include personal data from their local residents.
Aside from the fact that when asked, 30% of local authorities couldn’t be sure whether they had been affected by a cyber-crime of this nature, another concern is that many local authorities still choose to operate on old and unsupported equipment and software, such as Windows XP. This means many of their PCs will not have had the latest security or updates. With effectively no manufactures support, these machines and the business that use them are left completely vulnerable to infiltration and cybercrimes of this nature.
In addition to the ransomware attacks, you don’t have to look very far to find out the many ways local government have left themselves exposed. In the recent report by the Information Commissioners Office; Data Security and Incident Trends, they demonstrate the full range of data breaches for Q1. Although local authorities have generally seen a 17% decrease in incidents, they still remain one of the highest sectors for the number of breaches. When you then consider that there were only two recorded cyber incidents for this period, and that two next most serious incidents were actually the incorrect posting or faxing of data (18), and the loss or theft of data (10), it would seem there is a much more serious risk that’s posed by local government than just cyber security. Your personal data is just as likely to be left on the train, as it is encrypted and held for ransom.