Combatting the Biggest Security Threats to the UK Public Sector in 2022
It’s been a challenging 18 months for a great many organisations, as we have adapted to remote working and the potential cyber security risks that it brings. Local authorities have had it harder than many, as they deal with a particularly unfortunate combination: being a popular and potentially lucrative target for hackers, while also having to deal with budget and staffing constraints that make end-to-end cyber security a challenge.
We’ve already seen some high-profile local authorities suffer data breaches, starting with Hackney Council suffering operational issues following a suspected ransomware attack in late 2020. It’s the kind of thing that keeps IT Managers up at night: systems grinding to a halt, resulting in public services being disrupted and thousands of frustrated residents becoming unable to carry out standard day-to-day transactions with their local authority.
In the more recent case of Gloucester Council, hackers succeeded in compromising security not once but twice. In the first breach, more than 30,000 records containing personal contact information were downloaded from council systems. The second attack at the end of December 2021 – reportedly launched by the same criminals – disrupted online revenue and benefits systems, planning and customer services.
In order to mitigate the cyber risk to your local authority, you first need to understand the biggest cyber security threats you face as a public sector organisation. With this knowledge, you can begin to implement the end-to-end cyber security measures you need to protect your local authority and its residents. In this blog, we’ll cover what you need to know.
With many of us working predominantly remotely since 2020, hackers have evolved their tactics to take advantage of organisations’ increased attack surfaces as users have strayed beyond the relative security of the corporate network. The key cyber security threats local authorities face in 2022 are phishing, ransomware, and business email compromise attacks:
Phishing emails are sent by hackers who pretend to be someone you trust, such as your bank or even a colleague. Their goal is to convince you to do something they can use to their advantage, such as clicking on a link to a malicious website or providing login and other personal details. Phishing emails are one of the main methods hackers use to deploy ransomware and business email compromise attacks.
Ransomware’s primary aim is to extort money from organisations and individuals who are infected. It achieves this by encrypting files that are saved locally and on shared drives connected to affected machines and then threatening to leak stolen confidential information onto the public internet. Once files have been encrypted, the user is notified and asked to pay money, typically in cryptocurrency, in order to obtain a key that will decrypt the files. You can read more details about the ransomware attack suffered by Hackney Council in our blog.
Business email compromise attacks target employees within an organisation by sending spoof emails which fraudulently represent senior colleagues or trusted clients. The emails use social engineering techniques to issue illicit instructions, such as approving payments to hackers’ bank accounts or releasing confidential client data that can be leaked on the Dark Web.
In order to maintain your local authority’s operational integrity in 2022, you will need to minimise risk as far as possible when it comes to these three pernicious threats. We’ll shortly take a look at how you can go about establishing the end-to-end cyber security resilience you need, but before we do, we’re going to share some thoughts from our Head of Threat Intelligence that we believe will be of value.
Our Head of Threat Intelligence, Thomas Cartlidge, heads up a team that monitors the evolving cyber security landscape. He shares his thoughts here on the key cyber security trends he believes you should be aware of.
“2021 was a tough year in the fight against cybercrime, and the bad news is that things don’t look like getting any easier in 2022. Here are some of the key trends I believe need to be highlighted:
Whatever 2022 brings, all organisations will need to be serious about achieving defence-in-depth across their people, processes and systems if they are to protect their data and mitigate the risk of downtime and data breach. A thorough understanding of the evolving threat landscape, along with the introduction of end-to-end cyber security principles, will go a long way to achieving this goal.”
When it comes to protecting your local authority’s people and your residents from the negative impact of downtime and data breach, unfortunately there is no magic bullet. At Six Degrees we talk about the need to have ‘defence-in-depth’ by aligning your people, processes and systems. Here’s what we mean by that:
Your people. Your people are your first line of cyber defence. When they are trained in cyber security best practices and aware of the latest cyber threats, your people will complement your processes and your systems and manage data in a manner that protects your residents’ personally identifiable information (PII).
Your processes. Processes are just as important as the people who follow them. Hackers will look for loopholes in your processes that they can exploit, especially where appropriate diligence is not applied. Ensure your processes have the right diligence measures built in to prevent hackers exploiting any areas of weakness.
Your systems. Of course, your systems are an essential element of your local authority’s cyber security posture – especially in today’s cloud-based, agile working world. Securely configured and maintained systems reduce your attack surface and minimise risk.
So, how can you protect your people and your residents? Well, we’re sorry we can’t just point you towards an off-the-shelf product that will cover this for you. Cyber security is a journey, but the good news is that – wherever you are on that journey – there are logical steps you can take to minimise the risk of becoming the next high-profile cyber-attack victim.
If you’re not sure where to start when it comes to reviewing your people, processes and systems, we can help. Our Aegis Cyber Security Maturity Assessment enables you to align your cyber security posture to your risk appetite by implementing best practices that will increase your protection against the biggest security threats to the UK public sector.