An investigation into cybersecurity at UK public services revealed a large disparity in defense budgets, hundreds of website vulnerabilities and staff email addresses and passwords at one council posted in full online.
The ITV News investigation found that one UK council spent only £32,000 a year on cybersecurity. By comparison, another council – with a smaller population – had an annual cybersecurity budget of £1m, over 30 times larger.
The investigation also revealed that one hospital had only put aside £10,000 a year towards cybersecurity.
The investigation is withholding the names of the public institutions.
ITV News found that the cyber-attacks had caused real-life problems, including:
- Residents forced to leave their homes
- Canceled hospital operations
- Incorrect benefit payments
- Overcharged tax bills
- House sales falling through
- Repairs to council houses not being carried out
- Inability to apply for council housing
- Sensitive data leaked online
The investigation noted that various experts expressed concern to ITV News about a lack of clarity and standards for public services regarding cybersecurity.
In December of last year, Gloucester City Council’s servers were compromised by Russian hackers. Last month, it was reported that its IT systems are still not fully operational. The local authority set aside £380,000 ($514,000) to remediate and recover from the incident, according to reports.
In October of last year, it was reported that UK councils had been hit by a staggering 33,645 data breaches caused by human error in the past five years, according to official figures.
The data, obtained following a Freedom of Information (FoI) request sent by VPNOverview to 103 county councils in the UK, broke down the number of breaches suffered by each body.
The local authority with the worst record for human-caused data breaches was Hampshire County Council, with 3759 incidents since 2016. This included 902 breaches in the year 2018/19.
Gloucestershire County Council had the next worst record, suffering 2723 breaches in this period. It also experienced the largest increase from 2016/17 (90) to 2020/21 (1004) of any UK council, a rise of 1016%.
In January of this year, the UK government unveiled its first-ever cybersecurity strategy, which aims to protect essential public sector services from being shut down by hostile threat actors. Chancellor of the Duchy of Lancaster Steve Barclay announced £37.8m in funding to help local authorities boost their cyber-resilience. This will protect essential services and data, such as housing benefits, voter registration, electoral management, school grants and social care provision.
Read more: https://bit.ly/3utpoTR
You can also read this: Ukrainian Cops Bust Multimillion-Dollar Phishing Gang