The Case Of Leicester City Council Cyber Breach: An Analysis Of Errors Public Bodies Could Be Making

The Case Of Leicester City Council Cyber Breach: An Analysis Of Errors Public Bodies Could Be Making

Categories :

By citiesabc resources

A compliance expert warns that other public bodies are at risk of similar attacks. The CEO of compliance training company Skillcast, Vivek Dodd, highlights the potential gaps in the security measures for other potential targets.

The Case Of Leicester City Council Cyber Breach: An Analysis Of Errors Public Bodies Could Be Making

The recent incident Leicester City Council server breach exposed some confidential documents online, including rent statements and passport information.

INC Ransom, a ransomware gang, claimed responsibility while echoing their recent attack on NHS Dumfries and Galloway.

The Strategic Director of Leicester City Council, Richard Sword, strongly condemned the breach while emphasising its grave implications. Given the UK Government's firm stance against engaging with ransomware actors, it's unlikely that the INC Ransom is looking to gain financially from these attacks.

How can other public bodies be alerted?

Compliance expert and CEO of compliance training company Skillcast, Vivek Dodd warns, “The landscape of ransomware attacks is evolving. With financial gains becoming harder to secure, perpetrators may resort to tactics designed to inflict widespread disruption as a means of exerting power.”

He emphasises the gravity of this shift: "Other public bodies are at risk of similar attacks which raises the concern of widespread digital disruption.”

While ensuring that staff receive training on fundamental aspects such as avoiding weak passwords or clicking on suspicious links, Skillcast highlights some of the less obvious errors that can have far-reaching consequences to help councils prepare:

1. Granting Excessive Access Permissions - Allowing users unrestricted access to resources beyond what is necessary for their role can increase the likelihood of insider threats and exacerbate the impact of a security breach.

2. Neglecting Network Segmentation - Failing to divide the network into smaller, isolated segments with separate access controls leaves it vulnerable to the rapid spread of malware or unauthorised access, amplifying damage to the council's systems and data in the event of a breach.

3. Neglecting Incident Response Preparedness - Failing to develop comprehensive incident response protocols tailored to specific cyber threats and scenarios hampers the council's ability to respond swiftly and effectively to security incidents, prolonging downtime and exacerbating the impact on operations.

4. Skipping Red Team Exercises - Neglecting to conduct regular simulated cyber attack scenarios, known as red team exercises, deprives councils of the opportunity to identify weaknesses in their cybersecurity posture and improve incident response capabilities through real-world simulations.

5. Disregarding a Zero Trust Architecture - Failing to adopt a zero-trust approach to security, where continuous authentication and authorisation are required for all network resources, exposes councils to heightened risks of insider threats and unauthorised access, compromising the integrity of their systems and data.

Skillcast advises that residents concerned about potential data breaches following the recent cyber incident should remain vigilant and monitor their financial accounts for any suspicious activity, including unsolicited communication. Additionally, refrain from providing personal or financial details unless certain of the legitimacy of the request.

Vivek states: “While the council is in the process of contacting affected individuals, residents are encouraged to proactively update their passwords and be cautious of phishing attempts. It's also essential to stay informed through official channels and seek support if you’re feeling overwhelmed.”

Skillcast: The compliance training company

The Skillcast Group sets up compliance portals to help companies educate their staff and record, analyse, and evidence staff activities to cope with their regulatory and ESG (environmental, social and governance) obligations. Its technology application provides e-learning management, in-person training management, CPD (continuing professional development), policy attestation, staff declarations, anonymised surveys, gifts and hospitality registers, PA dealing registers, whistleblowing registers, and compliance breach registers. It also provides a comprehensive set of tools for managing the approval/certification of Senior Managers and Certified Persons under the SM&CR for financial services firms.

The Group also provides several libraries of off-the-shelf compliance e-learning courses and develops bespoke e-learning content for blue-chip companies in the UK and across Europe. It has pioneered the Intelligent Learning approach, leveraging user interactions and gamification to drive employee engagement and compliance effectiveness.

Tags

Underwater Photography For Humanity: Dinis Guarda Interviews Christy Lee Rogers In His YouTube Podcast

Underwater Photography For Humanity: Dinis Guarda Interviews Christy Lee Rogers In His YouTube Podcast

May 29, 2024
How Can Coupon Codes Help You Keep More Money in Your Pocket?

How Can Coupon Codes Help You Keep More Money in Your Pocket?

May 28, 2024
Exploring Sacramento: Top Reasons Why California’s Capital Should Be Your Next Destination

Exploring Sacramento: Top Reasons Why California’s Capital Should Be Your Next Destination

May 27, 2024
6 Furniture Pieces Every Library Needs to Have

6 Furniture Pieces Every Library Needs to Have

May 25, 2024
How Technology Revolutionized Pediatric Dental Crowns

How Technology Revolutionized Pediatric Dental Crowns

May 24, 2024
8 Top Tips and Techniques for Effective Website Management

8 Top Tips and Techniques for Effective Website Management

May 24, 2024
Reasons Why Financial Modeling Can Help Your Business Grow

Reasons Why Financial Modeling Can Help Your Business Grow

May 24, 2024
Preparing a Party for Young Ones: An Essential Guide to Follow

Preparing a Party for Young Ones: An Essential Guide to Follow

May 23, 2024
How Sales Rooms Boost Business Performance?

How Sales Rooms Boost Business Performance?

May 23, 2024
How to Choose the Right Catering Service for Your Budget and Needs

How to Choose the Right Catering Service for Your Budget and Needs

May 22, 2024