Phishing attacks have been launched by Bristol City Council IT chiefs against the authority’s own staff to beef up cyber security after a “worrying” report revealed the danger of a breach has increased. Bristol City Council employees who fall for the “scams”, staged by their own colleagues, are redirected to a training programme to help them avoid succumbing to a real attack. A report to the resources scrutiny commission said it was “likely” hackers would target the authority’s computer systems and , if successful, the impact would be “critical”, the highest level possible. The assessment means the level of risk of a cyberattack is rated as “high” and has risen since the previous quarter of the 2018/19 financial year.
"Bristol City Council employees who fall for the “scams”, staged by their own colleagues, are redirected to a training programme to help them avoid succumbing to a real attack." https://t.co/Gc4Mc51xdR
— Sir Steve Ignobled by Boris Johnson Woods (@wood5y) March 12, 2019
Corin Imai, Senior Security Advisor at DomainTools:
“Bristol City Council taking proactive steps to improve the cybersecurity awareness of their staff is an encouraging development. As we know, human error remains the one vulnerability we have consistently failed to patch as an industry, and big organisations such as local government are particularly vulnerable, as they are likely to employ people whose cyber-awareness and ability varies massively. Phishing attacks can have devastating consequences for all organisations, but those in the already cash strapped public sector should take extra care to improve their resilience to the attacks. Failure to do so could leave the PII or financial information of residents open to further cybercrime.”