84% of local councils in the UK vulnerable to phishing attacks via email

84% of local councils in the UK vulnerable to phishing attacks via email

LGA gets £1.5 million grant to strengthen cyber security of local councils`

A majority of local councils in the UK do not have adequate safeguards against phishing emails, thereby exposing their citizens to malicious hackers.

Very few local councils have adopted a cyber defence protocol that helps detect phishing emails despite NCSC’s recommendations.

Back in 2015, privacy campaign group Big Brother Watch revealed that between 2011 and 2014, local councils suffered 4,236 data breaches, including 401 instances of data loss or theft. At the same time, the group also learned that there were 628 instances of incorrect or inappropriate data being shared in emails, letters, and faxes.

Two years down the line, the situation hasn’t improved much. An analysis of 152 council domains by cloud data intelligence firm OnDMARC has revealed that 84% of local councils continue to lack adequate protection from cyber-attacks.

In June, the National Cyber Security Centre rolled out an active cyber defence protocol named DMARC which it said will help local councils authenticate an organisation’s communications as genuine, thereby removing the threat from phishing emails.

The NCSC hoped that the adoption of the DMARC protocol by .gov domains would make email spoofing much harder and would prevent hackers from breaching IT systems owned by government authorities.

OnDMARC observed that as many as 84% of local councils across the UK haven’t adopted DMARC as yet, thereby continuing to place their IT systems and internal data at risk. While 15% of local councils in London have adopted the protocol, only 11% in the East Midlands, and 17% in the North East have adopted it so far.

The situation is much worse in the North West where just one council has adopted the DMARC protocol to block phishing and spoof emails.

‘Without DMARC, local authorities’ email domains can easily be spoofed by criminals. What this means for residents of some of England’s largest cities – including Birmingham, Liverpool and Bristol – is that they’re being put at risk of receiving fraudulent emails and thus falling victim to data or financial theft,’ said Randal Pinto, COO and co-founder, OnDMARC.

‘Whether you’re dealing with residents of the smallest local authority in the Isles of Scilly or Barnet, the largest borough of London, local authorities have an obligation to ensure their citizens aren’t a target for phishing attacks from spoofed Government email addresses.’

‘While a handful of councils have taken steps to secure their domains, more authorities need to heed the advice of GCHQ’s security arm by deploying DMARC,’ he added.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]