Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - UK Councils Suffer 37 Cyber Attacks Every Minute
News & Analysis

UK Councils Suffer 37 Cyber Attacks Every Minute

ISBuzz TeamBy ISBuzz TeamFebruary 20, 2018Updated:May 2, 20258 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Cybersecurity
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

The latest Big Brother Watch report has found that more than 25% of UK councils have had their computer systems breached in the past five years. The report found 114 councils had experience at least one incident between 2013 and 2017 which was based on Freedom of Information requests. The data all reported that the number of cyber-attacks on local authorities, which hold the data of millions of residents, at 98 million between 2013 and 2017. This amounts to 37 attacks every minute. IT Security experts commented below.

Paul Edon, Director at Tripwire:

“The truth of the matter is that many organisations, not just councils, remain unprepared for a cyber attack. It’s difficult to prepare for something you don’t understand, can’t visualize, and haven’t experienced.

You would have hoped that the devastation caused by NotPetya and WannaCry would have triggered an instant reaction for organisations to get their security in order. This isn’t the case.

To get security right, organisations need to get the basics right. Start by understanding the risk you have. You must conduct regular, preferably continuous, assessments of configuration and vulnerability risk across your IT systems. Then ensure systems are regularly patched and upgraded.

Following these basic security hygiene rules will go a long way to making your systems secure and the attackers’ job more difficult.”

Javvad Malik, Security Advocate at AlienVault:

Javvad MalikIt’s not surprising to hear of any company, government office or council being attacked. If a system is online, it will likely be attacked or probed in some way or another. However, it is important that these councils, and indeed enterprises of all sizes are prepared with not only defensive controls, but have in place good monitoring in order to be able to detect where a breach may have occurred, so that appropriate response measures can be taken.

Staff training should also not be overlooked, particularly as the deadline for GDPR looms close and any breaches of personal information will be scrutinized more closely.

Patrick Hunter, Director at One Identity: 

“There is a war on and it seems that the public are mostly oblivious to the attackers.  There are millions of cyber-attacks in the UK each month and most are simple port scans, phish attempts or similar automated “chancers”.  When articles like these are published we’re supposed to be shocked and dismayed at the poor level or protection put in place by our councils.

They are going to be the hardest hit, always.  They are the keepers of much of our personal data and also, sadly, they are the imitated to try and fool the general public into clicking things that they shouldn’t.  We only have to look at the funding and spend on public sector security to know that they are on the case but keeping up with a determined hacker is always going to be hard.  This is true even in the private sector.

The UK government formed the National Cyber Security Centre in 2016 and formed from GCHQ.  They know what is coming and they are keeping pace as much as they can.

The councils have confirmed that there has been data loss and yet again, we can all see that it is the human aspect that has let them down.  They know they need more training and they need to work with the NCSC to get the best protection our personal data an get.  Let’s hope they get on and fix that final aspect of security – us, the people.”

Dr Anton Grashion, Managing Director, Security Practice at Cylance:

“Rightly or wrongly, cyber criminals must think local authorities are a fairly soft target, especially if they keep being successful. These authorities hold extremely sensitive personal information, and are suffering under a deluge of competing advice and promises of security that serially fail to deliver the levels of security they promise.

Education would be a great place to start, but having predictive prevention to stop the ingress of malicious software and viruses in the first place would seem to be a logical first step. Chasing the problem into the network once a payload has been delivered just adds to the workload and budget of over stressed IT departments.”

Anthony Chadd, Senior Director, EMEA at Neustar:

 “In today’s political and economic climate, local governments are under increasing pressure to deliver first-class services against the backdrop of reduced funding, increasing demands and – now – the growing threat of a crippling cyber-attack.

“As the guardians of millions of citizens’ personal information – and with less than 100 days until the GDPR comes into force – ensuring robust data security has never been more critical. From protecting against DDoS attacks to encrypting mission-critical data and IP, local governments across the country must ensure cyber-security is at the heart of their digital transformation strategies.”

Stephen Burke, Founder & CEO at Cyber Risk Aware:

 “It’s concerning that a large proportion of councils are not providing mandatory cyber-security training – and some are not providing any at all.  Employees are on the front line when it comes to safeguarding data and it only takes one person to click on a malicious link to place the security of the entire organisation at risk.

The role of staff awareness and education is particularly significant with the EU GDPR set to come into force. It’s more important than ever for all organisations to take measures to educate staff on the basics of good cyber security, from how to spot potential phishing emails to how to report anything that doesn’t look genuine. Through regular simulated attacks on staff, it maintains a very high level of awareness because at an emotional level, people don’t like feeling they have been caught out and therefore try hard not to feel that way again. It has the great effect of rapidly reducing the risk of a user falling victim to a phishing email”

Joseph Carson, Chief Security Scientist at Thycotic:

“Cyber security is quickly becoming part of everyone’s daily life and can no longer be separated between personal and work life. In the past, cyber-attacks were a thing that were only a concern for the workplace, though today, that is no longer the situation and cyber-attacks are more common and affect everyone connected to the internet.  Cyber-attacks are going to be the biggest threat to everyone and business on earth and will be the trigger for future wars and political instability.

This is not surprising at all, with shrinking budgets and most councils struggling just to keep the lights on, cybersecurity is surely the last thing on their mind, especially when they have to decide whether to hire vital staff or choose on upgrading software to keep them patched with the latest security updates.  Just like many organisations the focus is on the business and if cybersecurity is not adding value then it is a cost and for most, they are willing to sacrifice being the victim of a cyber-attack versus letting staff go.  So, the news that many councils have been breached in the past five years is not surprising and that cybercriminals are targeting employees stealing passwords, compromising accounts to bypass security controls is a challenge most organisations are facing globally and not unique to the UK.

People are the number one target and cause of cybersecurity failures because most of them are trusting individuals who want to help, or contribute, as part of human nature and their jobs. Hackers and malicious insiders take advantage of that trust by appearing to make legitimate business requests from bosses or sharing social items of a more personalised nature. They’re counting on peoples’ curiosity and willingness to cooperate to get them to “click on the link” in a business or personal email.

One single click on a malicious link, however, can download malware onto your computer that can immediately lock up data in a “ransomware” attack, and often, you have to send money to regain access. Or, the downloaded malware can, unbeknown to the user, begin instantly collecting information aimed at gaining credentials and passwords for exploiting later. While many of these actions by humans are accidental or not intended to be harmful, the result can cause considerable damage to themselves, their family, their co-workers, their company, and their community.

Hackers are specifically looking to steal your username and password credentials so they can access your information and impersonate as you. And, when your identity is stolen, an attacker can easily bypass the traditional technical security perimeter controls without being detected. Once inside the computer network, cybercriminals can carry out malicious attacks or access and steal confidential information by posing as a legitimate user.

A compromised personal account can easily lead a hacker to discover enough information about you to make hacking your business email so much easier. As the line between business and personal Internet use continues to blur, every employee must contribute in protecting information assets at work and at home.”

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Foxconn confirms cyberattack following Nitrogen ransomware claims

May 14, 20263 Mins Read

Lazarus Group Turns to Medusa Ransomware in Escalating Global Extortion Campaign

February 26, 20263 Mins Read

New Phishing Kit Starkiller Defeats Multi-Factor Authentication

February 23, 20264 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}