Last year, councils across the UK reported more than 700 data breaches as a result of ransomware which caused lasting damage and disruption for many. According to the same recent study, 45% of councils have no qualified security staff in their teams, and one council reported a huge 29 data breach incidents in 2020 alone.
These figures indicate a glaring hole in local governments’ cyber security measures, and when 98% of cyber-attacks begin with an email, it’s clear where the public sector’s focus should be.
New Cyber Crime Patterns
Cybercrime is a constantly evolving enemy, with new techniques and technologies being unleashed at a rapid pace.
Recently we’ve seen a pattern of increasing ransomware attacks targeted at operating systems of nationally significant institutions. Where attackers had once targeted retailers and healthcare providers for their customer data and patient records, it seems that the value of personal financial data has been diluted by the sheer volume of leaked information on the dark web.
Rather than selling personal data on, ransomware threat actors now seem to be relying on companies and governments needing to buy their own data back or to reclaim autonomy over their operations.
This is evident in recent attacks against the UK Labour Party, in which party members’ personal information was compromised by a data breach after a ransomware attack on a third-party supplier who had been managing their data. This attack comes just over a year after another similar incident impacted the Labour Party in May 2020, when their cloud software provider Blackbaud was hit by a ransomware attack.
Post-incident forensic analysis has revealed that the attackers gained access to unencrypted banking information, credentials, usernames, passwords and more. To address these attacks - and to prevent further breaches - Labour Party members have been advised to enable two-factor authentication wherever possible, and to remain ‘vigilant’.
While this isn’t necessarily bad advice, it demonstrates a lack of advanced cyber security knowledge within the public sector that would better prepare organisations for future cyber attacks. In fact, research indicates that, on average, the UK's councils spend £1.58 on security training per employee annually.
In addition to various ransomware attacks in recent years, the UK has also seen attacks targeted at voice over internet protocol (VoIP) providers. VoIP providers offer internet-based calls to a range of customers – notably public services including the police and local governments.
The DDoS attacks on British VoIP firms appear to have been part of a co-ordinated extortion-focused international campaign by professional cyber criminals – causing major disruption to important public sector meetings hosted over Zoom & Microsoft Teams.
Professional cybercriminal groups are often funded by foreign governments, who seek to benefit from the potential data stolen in ransom attacks. Yet in the case of the recent VoIP DDoS attacks, it seems the goal of the cyber threat actors was instead to extort those VoIP companies for information or meeting logs.
This is an interesting new deployment of DDoS attacks, which have previously been known as quite a blunt instrument in the cyber security sphere.
It’s clear the public sector is a high-value target for cybercriminals, and hackers are becoming more creative with their chosen attack vectors, which rely on poor security training and incident response. So - what can be done to keep the public sector, and the UK’s digital infrastructure as a whole, safe from cyber threats?
Email Security as a Solution
There are solutions to these security pitfalls.
Combating ransomware attacks – as well as other sophisticated email attacks such as spear phishing and impersonation – can be automated by intelligent SaaS packages such as Barracuda Sentinel, an A.I.-powered inbox defence system.
The Barracuda Sentinel A.I. takes an active approach to email security by scouring through user mailboxes to identify behavioural anomalies or malicious content within email messages, all automatically. This drastically reduces the risk factor of social engineering attempts & scammer tactics by recognising unusual behaviour across an organisation’s inbound & outbound mail.
Barracuda also offer DDoS attack prevention as part of their Essential email security service. Combining advanced spam detection, rate control and real-time DNS checks on new email contact domains, their email security software quickly puts a stop to any potential flood-based attacks.
Defending against all email-based attacks is made easier with Barracuda’s Total Email Protection service.
Both Sentinel inbox protection and Barracuda’s Essential mailbox security are part of the Total Email Protection service – a multi-layered email security software package made up of several unique defence layers to create a complete & comprehensive email security solution.