…In the case of Gloucester City Council, two in a decade has been enough to warrant an investigation.
The most recent attack was discovered just before Christmas as the local authority discovered ‘sleeper malware’ on its system. This malicious software had been embedded in an email that had been opened by an unsuspecting council officer and started causing significant disruption to key services. Residents trying to use these services found that certain online application forms used to claim housing benefit, test and trace support payments, discretionary housing payments and council tax support, had been delayed or made unavailable.
The knock-on effect has been significant with the council admitting it could take months to fix affected servers and systems need to be rebuilt. Not only does this cause disruption and inconvenience; not to mention cost, the council is now facing an investigation as this is the second time they have been successfully hacked in ten years.
It begs the questions - how many cyber-attacks are too many? Lots of people would argue that it can only take one successful attack to bring an organisation to its knees, but one thing here is clear – it doesn’t matter who you are, establishing bulletproof resilience to cyber-attacks is of critical importance, especially for public sector establishments, who are often prime targets.
Given that Phishing is one of the principal delivery methods of malware, and that it was the entry point for Gloucester City Council’s most recent attack, focussing on making sure staff are clued-up on what constitutes a phishing email is one of the best places to start.
From that point, deep visibility across your network is key in understanding where threats and vulnerabilities may lie. Click here to read our e-book that lays out the first three steps we recommend when building a strong cybersecurity posture.