UK Councils Faced 800 Cyber-Attacks
Per Hour
According to the Gallagher insurance
broker, local UK authorities are facing an unprecedented wave of cyber attacks
that in the first half of 2019 amount to nearly 800 every hour. Of the 203
councils that responded to the company's requests for freedom of information
(FOI), almost half (49%) were the target since the beginning of 2017, and more
than a third (37%) was attacked in the first half of the year.
During the first six months of 2019, these
councils experienced 263 million attacks - a figure likely to be much higher if
they consider those authorities who choose not to respond to the FOI's request.
However, despite the firewall, most authorities seem to hold back: according to
Gallagher, only 17 attacks resulted in data or money loss, although one council
reported a loss of over £ 2 million.
Just
13% of local authorities have cyber insurance, a figure the firm would
obviously like to see much higher. “Councils are facing an unprecedented number
of cyber-attacks on daily basis. While the majority of these are fended off, it
only takes one to get through to cause a significant financial deficit, a cost
which the taxpayer will ultimately foot,” argued Tim Devine, managing director
of Public Sector & Education at Gallagher.
"The
costs and damage to reputation on this scale can be devastating to public
authorities, many of whom are already struggling with tight budgets. In many
scenarios, those responsible for purchasing cybersecurity products need
decision at member or management level. The cyber threat and the need for
protection must be high on the list of priorities for each local government.
"
However,
most of the attacks reported in the report are probably the result of
"automated probing and detection tools," and therefore, according to
Tripwire's senior director Paul Edon, they should not be classified as real
security incidents.
"However,
the truth is that many local authorities and councils are still not prepared
for a real cyber attack," he added. "To achieve adequate security,
organizations must prepare the basics properly. Start by understanding the
risks. Regular, preferably continuous, assessment of configuration and
vulnerability risk should be performed on all IT systems. Then make sure your systems
are regularly patched and updated. Compliance with these basic principles of
safety hygiene will significantly increase the security of systems and impede
the work of attackers. "
