There has been a surge in cyberattacks targeting local authorities this year, according to a new report from the National Cyber Security Centre (NCSC).
The threat has been exacerbated by the increase in remote working during the COVID-19 pandemic, it adds.
While the report has not been made public, sources reportedly told Local Government Chronicle (LGC) that the cyber threat level has increased over the last six to nine months due to the growing digitalisation of councils’ operations.
LGC reports that attempted ransomware attacks “are taking place more frequently and demanding higher sums of money from their victims.”
It’s not just local authorities that are being targeted – the Labour party is the latest victim of a ransomware attack after following a cyberattack on cloud computing provider Blackbaud.
LGC says a source “with insider knowledge of local government cyberattacks” told the publication that having so many office staff working from home has heightened the risk of attacks.
You might also like
“More is happening digitally so there is now a larger surface area for cybercriminals to target,” they explained. “More hastily developed, substandard software is being used too which is affecting many organisations, including councils.”
LGC says it understands that the NCSC report also spelt out the implications for the sector of the recent government decision to exclude Huawei from its 5G network in 2027. It noted that some local government organisations have only recently signed new multi-year contracts with Huawei and will therefore be negatively affected by the decision.
“Councils go to Huawei because they are cheaper than their competitors, so they will have to spend more now,” the source said, reportedly questioning where the funding would come from for replacement systems.
In May, cybersecurity firm Clearswift noted in research that public sector IT teams “can feel under-resourced and over-stretched when trying to manage and mitigate the cyber-threat.”
It also noted revealed that almost half of respondents have either not heard of, or do not know what ransomware is.