Hammersmith and Fulham Council has reportedly revealed it faces around 20,000 attempted cyber attacks every day.
According to reports from The Standard, most of the attacks consist of phishing attempts, and the council said it has applied anti-phishing measures and tightened up firewalls to deal with the threat.
Local authorities have become a popular target for cyber criminals in recent years, thanks to the large amount of valuable personal data they hold, often-outdated IT systems, and comparatively poor cybersecurity budgets.
According to the Information Commissioner’s Office (ICO), cyber attacks on local authority systems jumped by a quarter between 2022 and 2023 while personal data breaches reported by local government organizations surged by 58% in the same period.
Adam Boynton, senior security strategy manager EMEIA at Jamf, said the figures highlight the broad array of threats faced by local authorities across the country.
"The number of cyber attacks Hammersmith and Fulham Council is facing represents a wider issue, as security threats across all local councils have significantly increased over the last few years," he said.
"Councils hold vast amounts of personal data, making them prime targets for cyber crime. This data can be exploited for fraud, sold on the dark web, or used in future attacks."
Last year, information commissioner John Edwards urged local authorities to take cybersecurity more seriously and recognize the effect that breaches can have on people's lives.
"We trust local government with some of the most sensitive personal information imaginable, yet they remain one of the leading sources of data breaches," he said.
"This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need local government to do better."
UK councils face a barrage of cyber threats
During 2024, numerous councils faced cyber attacks, including a supply chain attack that affected the housing websites for Manchester, Salford, and Bolton councils.
Similarly, this time last year three Kent councils suffered an incident which severely disrupted services while an attack on Leicester City Council in March knocked IT systems and phone lines offline.
A large part of the problem is local authorities' creaking IT systems, Boynton said.
"Local council networks are particularly vulnerable due to their continued reliance on outdated IT systems and end-of-life software that are not equipped to handle modern cyber threats," he said.
RELATED WHITEPAPER
"These systems are frequently patched together over many years, introducing complexities in maintenance and security upgrades."
Jamf recommends implementing multiple defensive layers and enforcing more robust cyber hygiene practices, such as multi-factor authentication, secure passwords or password management software, and user awareness of security risks.
"Strong hygiene practices are an effective way to improve cyber resilience without stretching limited budgets," said Boynton.
MORE FROM ITPRO
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Using AI to code? Watch your security debtnews Black Duck research shows faster development may be causing risks for companies
-
Organizations warned of "significant lag" in deepfake protection investmentnews Defenses are failing to keep up with the rapidly growing attack vector, with most organizations being overconfident
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
-
Middlesbrough Council boosts cybersecurity spending, strategy in response to repeated cyberattacksNews Councils across the UK have publicly struggled with maintaining services in the face of major cyber disruption
-
Foreign states ramp up cyberattacks on EU with AI-driven phishing and DDoS campaignsNews ENISA warns of hacktivism, especially through DDoS attacks
-
Cybersecurity leaders must stop seeing resilience as a "tick box exercise" to achieve meaningful protection, says Gartner expertNews Collaboration between departments and a better understanding of organizational metrics are key to addressing security blindspots
-
A new 'top-tier' Chinese espionage group is stealing sensitive datanews Phantom Taurus has been operating for two years and uses custom-built malware to maintain long-term access to critical targets
-
Asahi production halted by cyberattackNews Yet another big brand suffers operational disruption following apparent hacking attack
