How to avoid becoming the next local authority victim of a cyber-breach

Councils need to continuously assess, update and strengthen their approach to cybersecurity, writes Jonathan Lee, UK Director of Public Sector Relations at Sophos.

Local authorities are embracing digital technologies, making more services available online and enabling more employees to work remotely, especially as a result of the Covid-19 pandemic. They are also increasing their collaboration and integration with partners.

These developments all have security implications. Reviewing and reinforcing cybersecurity should be a priority, even and perhaps especially at a time when budgets are stretched.

A recently reported case of a council in the north-east of England showed that cyber-incidents can be very disruptive to the running of local authority services. They can also cost a great deal of taxpayers’ money – over £10m in that particular case.

Cyber-attackers won’t stop trying to breach local authorities’ security to steal the data they hold and/or damage their systems. Councils therefore need to continuously assess, update and strengthen their approach to cybersecurity.

Lack of visibility

The coronavirus pandemic meant remote working plans needed to be implemented in days rather than years. Many local authorities now have to protect systems and data in new ways and settings.

For IT teams this has made it even harder to see what is going on in their IT systems. They lack full visibility into their IT infrastructure and into the ‘cyber hygiene’ and software update status of computers and servers.

As a result, they can struggle to spot the anomalous behaviour that is often a sign of an attacker trying to gain a foothold in their network to launch a more disruptive attack.

Upgrade with AI

Now is not the time to try to save money by relying on ‘free’ bundled security tools. Councils need to work smarter, and focus on newer, next-generation technologies that use machine learning (AI) and automation to keep IT better protected.

This pays off in the long run as it also reduces the time your IT team has to spend monitoring and managing cyber security.

Tools such as endpoint detection and response (EDR) and even human-led managed threat response (MTR) can provide the visibility you need.

This should ideally be complemented by integrated cyber-security software, where each part can talk to the others and take automated actions.

If you ask yourself one security question today, let it be this one: if a cyber attacker hit you right now, would you be ready?


Attend the webinars

Mitigating Cyber Threats Faced by Local Government Authorities

We’ll discuss the cyber threats faced by local government authorities and how Sophos with ITHealth can help mitigate such threats and improve councils’ defences, whilst saving time and money with Sophos’ new local government licensing scheme.

Register for 5th November »


Helping Local Authorities Stay Cyber Assured

ITHealth will explain how its working with local government authorities to provide a dashboard which acts as a dynamic window into IT networks to help better manage cyber risk and remediation, as well as being an ongoing IT health check for assurance on the security state of the network.

Register for 11th November »