Cyber attacks on UK councils’ remote workers more than tripled during the pandemic, according to a series of Freedom of Information (FOI) requests. The requests made by Insight, a Fortune 500-ranked global provider of Intelligent Technology Solutions, found attacks rose by an average of 213% from March 2020 compared to the 12 months before.
On average councils switched 74% of their employees, more than double the UK average, and representing more than 1.4 million workers across the UK, to remote working during the pandemic. This presented many challenges such as having to adapt to a new way of working and being under budget pressures.
According to the FOI requests, only 20% made additional investments in security, investing an average of £46,000 – in all cases taken from the wider IT budget. As a result, investments in security came at the expense of other IT services. With increased remote working set to continue in 98% of councils, attacks targeting employees at home will likely continue to increase, especially if investing in security doesn’t become a priority.
Eliminating gaps in security is key
“The fact that councils could move their employees to remote working without disrupting services needs to be recognised for the major achievement it was,” said Darren Hedley, Managing Director, UK & Ireland at Insight. “However, councils now need to build on this success: putting in place and strengthening defences to protect remote workers and eliminate gaps in security that could allow attackers to threaten essential services. It’s likely that many councils cannot do this alone. They need support and resources from central Government, or else we will see more and more employees and councils falling victim to attackers.”
It was found that less than half (47%) of councils invested more of their security budget in increased security training for remote workers. At the same time, only 6% prevented any employees from working remotely because it wasn’t possible to guarantee secure access to data.
“Clearly the priority in 2020 was enabling remote working, but more than a year into the pandemic it’s worrying that many councils still haven’t been able to assess their security posture,” said Charlotte Davis, Cyber Security Practice Lead, Insight. “These assessments need cover the entire threat landscape, including third party risks, and honestly analyse gaps in the organisation’s security posture. Once this is in place, councils can take the appropriate action to repair any gaps, from investing in technology, to building security awareness and putting frameworks in place so employees can follow best practice. Doing this will demand time and resources, so it’s essential that councils are given the support they need.”