Local authorities need to urgently address their cyber vulnerabilities
In the wake of the recent ransomware attack on the NHS here in the UK, a survey by professional services firm PwC has found that only half of UK local authorities even claim to be prepared to deal with a cyber attack. The actual state of preparedness may in fact be much lower than that.
The PwC survey revealed that only 35% of local authority leaders are confident that their staff are well equipped to deal with cyber threats. This cautious assessment matches that of residents, of whom only 34% trusted their own local authority to manage and share their personal information data appropriately. At the same time, there is a growing demand by residents for council services to be available online.
In order to find efficiency savings from the use of information technology, as well as to meet growing expectations from residents, over the next few years councils will inevitably move more and more of their services online. Handled correctly, this is a very positive development opportunity. But the correlating threat comes in the form of more information about residents being held online and the opportunity this provides to hackers to steal that information.
Councils own internal networks are also under growing threat from cyber attackers, as demonstrated by the impact on the NHS over the recent WannaCry attacks, which shut down dozens of hospitals and GP surgeries. That attack was based on ageing IT networks and inconsistent use of patches to fix vulnerabilities in old operating systems.
Many local authorities are undoubtedly in exactly the same position as the NHS trusts, with old IT networks and operating systems, and therefore the level of vulnerability must be just as great.
Given this low state of readiness and concern over the level of preparedness, the recommendation from PwC is that local councils need to urgently address their cyber vulnerabilities. I can only strongly this recommendation and offer assistance to any local authorities who are concerned to contact me directly to discuss Transputec’s Cyber Security as a Service suite of options.