Three-Quarters Of Local Government Departments ‘Hit By Malware’

More than three-quarters of local government departments say they’ve experienced internet-borne attacks in the past year, with half saying they were struck by ransomware during the period, according to new figures.

The findings, in a report called ‘Cyber Security: Threats and Opportunities Across Local Government’ compiled by computer security firm Malwarebytes, are likely to raise fresh concern over local government’s ability to function in an ever more hostile online environment.

Ransomware threat

Ransomware, in particular, has caused increasing disruption to the workings of public-sector organisations on all levels, from the NHS turmoil caused by the WannaCry ransomware earlier this year to smaller-scale incidents affecting councils and other government bodies.

Malwarebytes said the NHS attack showed the disorder that could be caused by “career criminals”.

“Other high profile incidents, such as the ransomware that crippled Lincolnshire County Council, provide further evidence of just how devastating this type of crime can be,” said Malwarebytes’ EMEA vice president Anthony O’Mara in a statement.

Lincolnshire County Council was forced to revert to pen and paper for most of a week at the end of March 2016 following a ransomware, which was caused when a member of staff opened a malicious email attachment.

Ransomware locks files on organisations’ networks and then demands a payment to decode them.

Lack of confidence in security systems

Malwarebytes’ study, based on research carried out by iGov Survey of senior figures at 38 local councils across the UK in June of this year, found one-third of respondents weren’t confident in their security system’s ability to block malicious traffic or protect against zero-day threats such as ransomware.

At the same time respondents said it was difficult for new technologies to be brought in, with 72 percent saying it was difficult or very difficult to successfully integrate new systems and applications. More than half, or 52 percent, said they were concerned by the complexity of cyber threats and the need to keep up with new developments.

Councils’ top three concerns with regard to cyber attacks were the loss of sensitive data, at 53 percent, the financial repercussions, with the same figure, and the impact on service delivery, at 41 percent.

Developing a response

O’Mara said councils were aware of the threat posed by increasingly complex attacks but found it difficult to know how to respond.

“Many high-ranking government officials are now left confused as to how to best deal with these threats,” he stated.

In one of the most recent incidents to affect the public sector, Copeland Council in western Cumbria was hit by a ransomware attack that forced it to take some internal systems offline for several days at the end of August to the beginning of September.

The council said frontline services continued to operate but that its website was inaccessible for some users.

“Through no fault of our own, we have been one of a number of victims of this malicious random attack, and although it may take some time, we will make a full recovery,” said Pat Graham, Copeland Council’s managing director, at the time.

Do you know all about security in 2017? Try our quiz!