The Courier & Advertiser (Perth and Perthshire Edition)
Computer crackdown to fight off hundreds of thousands of attacks
Local authority using simulated phishing mail as warning
Local authority bosses are stepping up security measures after they revealed they are fighting hundreds of thousands of cyber attacks a month.
Perth and Kinross Council said it is considering another wave of “phishing” emails to staff, to help alert them to increasingly sophisticated efforts by hackers to obtain confidential data.
In December, council workers received messages promising special Christmas offers and discounts from well-known companies.
However, if they clicked on the links, they received an educational message highlighting the risks of malicious mail.
Conservative councillor Angus Forbes told yesterday’s strategic policy and resources committee meeting he was one of the 25% of employees who was duped by the first wave of simulated phishing attacks.
“I’m a bit embarrassed by that,” he said. “But I thought it was a useful exercise.”
Mr Forbes was told the council had only purchased the phishing software for one year, but future use would be considered.
Council boss Murray Lyle said: “The council is defending itself against hundreds of thousands of low level malicious events every month.
“In addition to the recorded events, the council is fending off hundreds of thousands of malicious probes and scans every day, far too numerous to log and count.”
He said: “As a defender the council, like all other organisations, must defeat every attack on its systems, while the attackers unfortunately need only to succeed once.
“To eliminate risk completely is an impossible task, even with unlimited resources. We need therefore to take a risk-based approach.
“It is vital that our staff are trained to identify cyber threats as quickly as possible and respond and recover as effectively as possible.”
Although a quarter of staff fell for the first round of council-produced emails, a follow-up wave only received a clickrate of six per cent.
Mr Lyle said: “Cyber threats change rapidly and as a council we must continue to adapt and respond to these risks as and when they are identified.
“I am pleased to note that the annual independent assessment of our network security is satisfied that the council network is well run and securely configured.
“Those vulnerabilities identified within the assessment have been addressed, ensuring that our network continues to robustly defend council services from cyber attack.”
The council is fending off hundreds of thousands of malicious probes and scans every day, far too numerous to log and count. MURRAY LYLE PERTH AND KINROSS COUNCIL