Local authorities are operating in a hostile digital landscape, and malicious actors are constantly searching for new routes into their infrastructures. If you are accountable for your local authority’s cyber resilience, here are the biggest security threats you need to know – and how you can combat them.
It’s been a challenging 18 months for a great many organisations, as we have adapted to remote working and the potential cyber security risks that it brings. Local authorities have had it harder than many, as they deal with a particularly unfortunate combination: being a popular and potentially lucrative target for hackers, while also having to deal with budget and staffing constraints that make end-to-end cyber security a challenge.
We’ve already seen some high-profile local authorities suffer data breaches, starting with Hackney Council suffering operational issues following a suspected ransomware attack in late 2020. It’s the kind of thing that keeps IT Managers up at night: systems grinding to a halt, resulting in public services being disrupted and thousands of frustrated residents becoming unable to carry out standard day-to-day transactions with their local authority.
In the more recent case of Gloucester Council, hackers succeeded in compromising security not once but twice. In the first breach, more than 30,000 records containing personal contact information were downloaded from council systems. The second attack at the end of December 2021 – reportedly launched by the same criminals – disrupted online revenue and benefits systems, planning and customer services.
In order to mitigate the cyber risk to your local authority, you first need to understand the biggest cyber security threats you face as a public sector organisation. With this knowledge, you can begin to implement the end-to-end cyber security measures you need to protect your local authority and its residents. In this blog, we’ll cover what you need to know.
Biggest Security Threats to the UK Public Sector in 2022
With many of us working predominantly remotely since 2020, hackers have evolved their tactics to take advantage of organisations’ increased attack surfaces as users have strayed beyond the relative security of the corporate network. The key cyber security threats local authorities face in 2022 are phishing, ransomware, and business email compromise attacks:
Phishing emails are sent by hackers pretending to be someone you trust, such as your bank or even a colleague. Their goal is to convince you to do something they can use to their advantage, such as clicking on a link to a malicious website or providing login and other personal details. Phishing emails are one of the main methods hackers use to deploy ransomware and business email compromise attacks.
Ransomware’s primary aim is to extort money from the organisations and individuals whose systems it infects. It achieves this by encrypting files that are saved locally and on shared drives connected to affected machines and then threatening to leak stolen confidential information onto the public internet. Once files have been encrypted, the user is notified and asked to pay money, typically in cryptocurrency, in order to obtain a key that will decrypt the files. You can read more details about the ransomware attack suffered by Hackney Council in our blog.
Business email compromise attacks target employees within an organisation by sending spoof emails which fraudulently represent senior colleagues or trusted clients. The emails use social engineering techniques to issue illicit instructions, such as approving payments to hackers’ bank accounts or releasing confidential client data that can be leaked on the Dark Web.
In order to maintain your local authority’s operational integrity in 2022, you will need to minimise risk as far as possible when it comes to these three pernicious threats. We’ll shortly take a look at how you can go about establishing the end-to-end cyber security resilience you need, but before we do we’re going to share some thoughts from our Head of Threat Intelligence that we believe will be of value.
Evolving Cyber Security Trends You Should Be Aware Of
Our Head of Threat Intelligence, Thomas Cartlidge, heads up a team that monitors the evolving cyber security landscape. He shares his thoughts here on the key cyber security trends he believes you should be aware of.
“2021 was a tough year in the fight against cybercrime, and the bad news is that things don’t look like getting any easier in 2022. Here are some of the key trends I believe need to be highlighted:
- Ransomware may proliferate as a criminal enterprise beyond the traditional Russian gangs. More criminals based in more countries could become involved, as recent Chinese and Iranian operations have shown, making law enforcement operations more challenging.
- Ransomware-as-a-Service (RaaS) will evolve, and I expect to see the increased compartmentalisation of ransomware operations. This will offer hackers resilience against increased law enforcement operations, enabling parts of the business chain to remain operational even if one part has been shut down. The return of Emotet shows the ability of criminal gangs to bounce back from high profile arrests.
- There will be a down-shift in targets, as criminals seek to target medium-sized organisations rather than focusing on enterprises. This brings the obvious benefits of avoiding law enforcement attention and targeting poorly-defended organisations.
- Business Email Compromise (BEC) attacks will move beyond phishing. By combining phishing with deepfake technology and native-speaking criminals, BEC will remain a sustained threat to organisations which could be similar in nature to ransomware in due course.
- Well-funded criminals may seek to move away from relying solely on ransomware to buy zero days, using these in combination with other techniques.
Whatever 2022 brings, all organisations will need to be serious about achieving defence-in-depth across their people, processes and systems if they are to protect their data and mitigate the risk of downtime and data breach. A thorough understanding of the evolving threat landscape, along with the introduction of end-to-end cyber security principles, will go a long way to achieving this goal.”
How to Protect Your People and Your Residents
When it comes to protecting your local authority’s people and your residents from the negative impact of downtime and data breach, unfortunately there is no magic bullet. At Six Degrees we talk about the need to have ‘defence-in-depth’ by aligning your people, processes and systems. Here’s what we mean by that:
Your people. Your people are your first line of cyber defence. When they are trained in cyber security best practices and aware of the latest cyber threats, your people will complement your processes and your systems and manage data in a manner that protects your residents’ personally identifiable information (PII).
Your processes. Processes are as important as the people that follow them. Hackers will look for loopholes in your processes that they can exploit, especially where appropriate diligence is not applied. Ensure your processes have the right diligence measures built in to prevent hackers exploiting any areas of weakness.
Your systems. Of course, your systems are an essential element of your local authority’s cyber security posture – especially in today’s cloud-based, agile working world. Securely configured and maintained systems reduce your attack surface and minimise risk.
So, how can you protect your people and your residents? Well, we’re sorry we can’t just point you towards an off-the-shelf product that will cover this for you. Cyber security is a journey, but the good news is that – wherever you are on that journey – there are logical steps you can take to minimise the risk of becoming the next high-profile cyber-attack victim.
If you’re not sure where to start when it comes to reviewing your people, processes and systems, we can help. Our Aegis Cyber Security Maturity Assessment enables you to align your cyber security posture to your risk appetite by implementing best practices that will increase your protection against the biggest security threats to the UK public sector.