Digital defence: is your local authority truly protected?

Ransomware has emerged in recent years as one of the most common forms of cybercrime – and one of the most dangerous.

More than ever before, businesses and organisations are finding themselves locked out of their most important databases and systems, where cybercriminals are holding their data and access hostage in exchange for their demands. What makes ransomware such a threat is that they are often so simple in their execution. They can start from something as ostensibly benign as a link or an attachment in an email, but the havoc they can wreak is practically limitless. And it’s not just the private sector that’s in danger: in the past five years, councils and local authorities in the UK have suffered a total of 33,645 data breaches. This is because many public-sector bodies are still relying on legacy infrastructure and struggling with in-house skill shortages, giving them a greater risk profile.

The cost of ransomware attacks for councils

The nature of council and local authority work makes them prime targets for cybercriminals, as they deal with an increasing volume of personal data in the delivery of digital public services. This means that now more than ever, the impact of a ransomware attack can be extremely severe:

• Financial loss: the cost of paying ransoms or taking steps to remediate issues can be substantial, as well as the knock-on costs of lost productivity caused by system downtime
• Data and privacy breaches: the loss of sensitive information can lead to major breaches of citizens’ privacy and disruption to their everyday lives
• Operational disruption: disruption and downtime can have a major effect on the delivery of public services to communities, such as healthcare provision, benefit payments, and permit and licence processing
• Reputational damage: a ransomware attack will generate large-scale publicity and put a significant dent in the trust a community has in its local authority, with regard to how their data is handled and how services are delivered
• Non-compliance violations: any successful attack would put an organisation in contravention of many regulatory requirements such as data protection regulations. This could lead to sanctions and fines being levied

A pledge to boost cyber resilience

The scale of the impact that a ransomware attack can have on a local authority was laid bare when Hackney Council in East London was targeted in October 2020. More than two years on, the authority is still recovering from the impact: many services went down and took more than a year to be re-established, and many local residents’ lives were affected as the payments they depend on were disrupted.

Thankfully, there is a recognition within the corridors of power that improvements need to be made in local authority cybersecurity. TechnologyOne has found that 60% of senior council leaders feel their security approach is outdated, while central government has pledged £37 million to help them bolster their cyber-resilience.

How SCC and Veritas can help

As part of our long-standing partnership with local authorities across the UK, SCC works closely with Veritas, a leader in security and ransomware protection. This allows us to offer four key services that helps councils to accelerate digital transformation with confidence, without being held back by vendor lock-in:

• Advanced anomaly protection: we use AI-powered anomaly detection solutions that can identify suspect behaviour early, so that you can take the swiftest possible action to isolate and remediate any issues without disrupting your data
• Office 365 protection: we provide a range of protection mechanisms for Office 365 applications, including the ability to archive, encrypt and restore data, archive key information for long-term safety, and easily demonstrate compliance with all relevant regulations
• Back-up data copies: we can help you create immutable storage checkpoints that allow you to recover information quickly without it being affected by ransomware, with a full audit record of any unauthorised modification
• The ‘3-2-1-1’ back-up strategy: our solutions enable a multi-faceted approach to backups, where three copies of data are kept on two types of media – one off-site and the other on immutable storage
  

In summary

As this blog demonstrates, the impact of a ransomware attack throughout a local authority – and the community it serves – cannot be underestimated. That’s why it is absolutely critical to put the most robust and comprehensive protection measures in place, so that these types of attacks cannot cause any lasting damage.

It’s understanding the importance of that protection that has guided the development of SCC and Veritas’ joint cybersecurity offering from the public sector. Take a closer look at Veritas technologies here, then get in touch with the SCC team to find out more on how we can support your specific requirements.