What makes an attractive target for a cybercriminal? This is a question the UK’s National Cyber Security Centre (NCSC) constantly needs to ask itself because, as we’ve all seen in recent years, cyberattacks have the potential to cause severe disruption on a national level. But what organisations might be most vulnerable? Who in society is most at risk of a cyberattack? Well, according to a joint technical alert on malicious activity by the NCSC and the FBI, local governments could be one of the prime targets.
It’s easy to see why. Councils these days use an increasing range of technologies, from apps and the cloud to different devices and gadgets. The very nature of public service organisations means hundreds if not thousands of accounts, records and files with sensitive data are stored in centralised data systems. If a hacker finds an Achilles’ heel to a particular system, the whole organisation can be left vulnerable to an attack, and the repercussions can permeate through, not only to all employees, but beyond to the people it serves.
Of course, it is a global problem. As recently as March 2018, a ransom-ware attack locked the City of Atlanta’s municipal government staff out of their computer systems. This attack was described as one of the most sustained and consequential cyberattacks ever mounted against a major American city administration. Closer to home, the WannaCry cyberattack in 2017 exposed the NHS and threatened its ability to provide care to patients.
Councils are being encouraged to take note of current cyber security guidance in light of heightened threats. It’s not a matter of ‘if’, they are being told, but ‘when’. Specific targets include large public service providers such as universities, hospitals and police departments; organisations that have no scope for going off-line for days or weeks to action structured IT disaster recovery procedures. In today’s online landscape organisations need to protect themselves with robust cyber security measures. If they don’t, they run the risk of being punished by anonymous criminals.
For guidance on managing the risks of cyberattack, click here.
This article and related document links do not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Risk Management Partners cannot be held liable for any errors, omissions or inaccuracies contained within the article and related document links.
Readers should not act upon (or refrain from acting upon) information in this article and related document links without first taking further specialist or professional advice.
Risk Management Partners Limited is authorised and regulated by the Financial Conduct Authority. Registered office: The Walbrook Building, 25 Walbrook, London EC4N 8AW. Registered in England and Wales. Company no. 2989025
Risk Management Partners Limited is authorised and regulated
by the Financial Conduct Authority.
Registered office: The Walbrook Building 25 Walbrook, London EC4N 8AW.
Registered in England and Wales. Company no. 2989025.