Cyber security monitoring and risk assessment in local government authorities: a social engineering exercise
Total value of project
Dr Anitha Chinnaswamy (PI), Professor Alexeis Garcia-Perez (Co-I)
A UK local authority
Duration of project
01/05/2018 - 30/09/2018
The CBiS team worked with a UK local authority to improve their digital resilience and their cybersecurity operational practices. The collaboration sought to assess the cyber security readiness of the council by conducting a vulnerability testing exercise that targeted the cyber awareness levels of the workforce and their ability to make informed decisions when dealing with potential cyber security threats.
Cyberattacks and threats are the biggest challenge organisations face today. With digital transformation and advancement, these organisations constantly have to focus on managing risks and reducing the cost of cybercrime. However, cyberattacks have recently become more specialised, and criminals now focus on using deceptive techniques to target individuals. This growing trend in attack patterns causes significant damage to an organisation, including not only financial losses and operational disruptions but also significant reputational damage. In the light of current regulation (e.g. the new General Data Protection Regulation), these risks become particularly relevant for organisations that store financial information and personally identifiable information about individuals, as is the case for a City Council in the Northern region. The cyber readiness of the Council is therefore vital to its ability to detect, prevent, contain and respond to evolving threats in the digital environment, which have had a severe effect on similar institutions.
The aim of this project was to achieve the operational change required to overcome some of the key barriers to eGovernance and ICT adoption, particularly those related to data security and operational resilience. The project involved testing the responses of staff to three types of simulated cyber-problems (phishing emails, malicious software and identity theft), to examine vulnerabilities and responses of the organisation. The research highlighted the digital vulnerabilities of local authorities; the need for better digital and ICT training for staff; and the importance of leadership, governance and incident management skills at senior management level.
This project raised awareness and led to changes in the policies and practice of the senior management board and staff at the local authority. The board redesigned the ICT and digital transformation strategy to focus upon improving cybersecurity and eGovernance in the organisation. These elements are now seen as a prerequisite for successful operation and data compliance in this sector.
The findings of this project were published in a short report for The Conversation shortly after its completion, with the aim of raising awareness of the importance of increased efforts in the sector.