The Information Commissioner’s Office (ICO) has reported that cyber attacks are growing in the local government sector, with more than 150 incidents reported in the last year.

The reporting on incidents is updated by the ICO regularly, and can be accessed here: Data security incident trends | ICO.

This is against the backdrop of recent enforcement action taken by the ICO in respect of a major cyber attack on the London Borough of Hackney in 2020 where hackers accessed and encrypted 440,000 files, affecting at least 280,000 individuals, including staff and residents.

The ICO had originally considered fining the council, but ultimately issued a reprimand.  Public sector entities benefit from the approach adopted by the ICO, which moves away from fines for public bodies other than in the most egregious cases. Key reasons for a reprimand in this case included the council’s pre-existing good governance and its remedial actions immediately following the attack. This underlines to all organisations that the pre- and post-incident preparedness are fundamental in managing their cyber risk.

Some of the failings identified here included two areas which organisations often struggle with; patch management and password security. In fact, enforcement action taken by the ICO consistently identifies very similar failings across many cyber attacks, regardless of sector:

• securing external connections without multi-factor authentication;
• failure to act where logging and monitoring systems flag unexpected activity;
• failure to act on alerts from endpoint protection, such as anti-malware or anti-virus. This includes when there has been successful removal of malware;
• failure of employees to use strong passwords on internal accounts or using different unique passwords across multiple work/personal accounts, or both. This is especially the case for privileged, administrator or service accounts; and
• failure to mitigate against known vulnerabilities, and not applying critical patches within fourteen days where possible.

Building cyber resilience is an ongoing task for organisations, and the importance of prioritising robust operational compliance is highlighted by the range of issues referred to be the ICO above.

Cyber security is an issue facing all organisations, whether public or private, and regardless of size. We understand how challenging and disruptive data compromises can be and the consequences that can flow from them. Whatever the nature, size or stage of the issue, we  help clients to manage data breaches or cyber security attacks or better still, work with them on preventative strategies to mitigate the risk of them occurring.

Related News, Insights & Events