The inaugural Government Cyber Security Strategy plans to allocate £85m of investment in cybersecurity to local authorities.
The move comes after the number of ransomware attacks on UK institutions doubled in the last year, with the UK the third most targeted country in the world from hostile states. Local councils in the UK have been hit by over 33,000 successful data breaches over the past five years, denying Britons access to vital services and placing increasing strain on the workload and budgets of local authorities.
Perhaps the most significant attack came in October 2020, when attackers published data from Hackney Council and denied local residents access to services, ultimately costing the council over £10 million to recover from. With many councils relying on legacy technology and facing increasing funding pressure, the additional investment will be a welcome relief against the growing threat of ransomware attacks.
Allocation of the £85m Investment
The government plans to invest £2.6 billion over the next three years as part of its National Cyber Strategy, which will include “over £85m to tackle the challenges facing councils, helping them build their cyber resilience and protect vital services and data”, was outlined by the Chancellor of the Duchy of Lancaster, Steve Barclay.
The government will also invest in “retiring legacy IT systems” and establish a New Cyber Coordination Centre to change how data and intelligence on cyberattacks are shared by organisations across the UK.
While the investment allocation has not yet been detailed, the government’s National Cyber Security Centre (NCSC) recommends a range of technologies that organisations can deploy to strengthen their defences against cyberattacks.
Phishing is the most common attack vector in cyberattacks, while credentials are involved in over half of data breaches, according to Verizon’s 2021 Data Breach investigation Report. Accordingly, any cybersecurity strategy is likely to involve addressing the problem posed to local authorities from credentials, and relying on individual users to create, manage and enter passwords.
The NCSC had previously warned of “password spray” attacks on local councils, and states that it is working “to reduce organisations' reliance on their users having to recall large numbers of complex passwords”.
Specifically, the NCSC recommends organisations “Consider alternatives to passwords such as [Single Sign-On], hardware tokens and biometric solutions”, and recommends also mandating the use of Multi-Factor Authentication. These technologies are likely to feature in any cybersecurity strategy for local authorities, as they prevent unauthorised access being obtained through the most common methods of phishing and credential theft.
Read more on how organisations can protect against data breaches.