Hammersmith and Fulham Council has reportedly revealed it faces around 20,000 attempted cyber attacks every day.
According to reports from The Standard, most of the attacks consist of phishing attempts, and the council said it has applied anti-phishing measures and tightened up firewalls to deal with the threat.
Local authorities have become a popular target for cyber criminals in recent years, thanks to the large amount of valuable personal data they hold, often-outdated IT systems, and comparatively poor cybersecurity budgets.
According to the Information Commissioner’s Office (ICO), cyber attacks on local authority systems jumped by a quarter between 2022 and 2023 while personal data breaches reported by local government organizations surged by 58% in the same period.
Adam Boynton, senior security strategy manager EMEIA at Jamf, said the figures highlight the broad array of threats faced by local authorities across the country.
"The number of cyber attacks Hammersmith and Fulham Council is facing represents a wider issue, as security threats across all local councils have significantly increased over the last few years," he said.
"Councils hold vast amounts of personal data, making them prime targets for cyber crime. This data can be exploited for fraud, sold on the dark web, or used in future attacks."
Last year, information commissioner John Edwards urged local authorities to take cybersecurity more seriously and recognize the effect that breaches can have on people's lives.
"We trust local government with some of the most sensitive personal information imaginable, yet they remain one of the leading sources of data breaches," he said.
"This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need local government to do better."
UK councils face a barrage of cyber threats
During 2024, numerous councils faced cyber attacks, including a supply chain attack that affected the housing websites for Manchester, Salford, and Bolton councils.
Similarly, this time last year three Kent councils suffered an incident which severely disrupted services while an attack on Leicester City Council in March knocked IT systems and phone lines offline.
A large part of the problem is local authorities' creaking IT systems, Boynton said.
"Local council networks are particularly vulnerable due to their continued reliance on outdated IT systems and end-of-life software that are not equipped to handle modern cyber threats," he said.
RELATED WHITEPAPER
"These systems are frequently patched together over many years, introducing complexities in maintenance and security upgrades."
Jamf recommends implementing multiple defensive layers and enforcing more robust cyber hygiene practices, such as multi-factor authentication, secure passwords or password management software, and user awareness of security risks.
"Strong hygiene practices are an effective way to improve cyber resilience without stretching limited budgets," said Boynton.
MORE FROM ITPRO
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Cyber attacks against UK firms dropped by 10% last year, but experts say don't get complacentNews More than four-in-ten UK businesses were hit by a cyber attack last year, marking a decrease on the year prior – but security experts have warned enterprises to still remain vigilant.
-
Unlock profitability with Cove Data ProtectionWhitepaper Agile risk management starts with a common language
-
Ransomware missteps that can cost youWhitepaper Agile risk management starts with a common language
-
The big book of selling data protectionWhitepaper Agile risk management starts with a common language
-
Detection is not enough: Exposed assets require rapid mitigation to reduce and eliminate riskWhitepaper Agile risk management starts with a common language
-
850,000 patients may have been affected in the Globe Life breach after firm revises victim listNews US insurer Globe Life has revealed more than 850,000 patients may have been impacted in a data breach after initially believing only around 5,000 were impacted.
-
Tata Technologies hit by ransomware attackNews A ransomware attack forced the technology provider to shut down several IT services
-
Hackers are using a new AI chatbot to wage cyber attacks: GhostGPT lets users write malicious code, create malware, and curate phishing emails – and it costs just $50 to useNews Researchers at Abnormal Security have warned about the rise of GhostGPT, a new chatbot used by cyber criminals to create malicious code and malware.
