Argus - Fotolia

Wigan data breaches underline need to share threat intelligence

Ongoing data breaches experienced by local authorities underline the need for greater sharing of threat intelligence, say security experts

Wigan Council has experienced more than 80 data breaches in the past two years, according to figures released in response to a freedom of information (FoI) request.

The FoI showed that sensitive, confidential or otherwise protected information had been accessed or disclosed on a regular basis in an unauthorised fashion.

An internal review report presented to the audit, governance and standards committee earlier this year stated that information security “still remains a high risk area” for the council, with continued data losses, despite officers from internal audit working with the council’s data protection officer on each occasion to ensure the breach was properly investigated, that adequate remedial action was taken and lessons learned are communicated widely.

“On each occasion the Information Commissioner’s Office (ICO) has been satisfied with the council’s response and has not enforced any form of penalty,” the report said.

The breaches at Wigan were not related to cyber security or external hackers but, according to a report by Wigan Today, various reasons were given to explain the missing data, including errors with information input, personal data being sent to the wrong address due to outdated information or technical error, and IT systems being accessed incorrectly or when unauthorised. 

According to the audit report, a burglary in 2017 led to the loss of council-held data, although it is not specified whether this information was held electronically or within physical documents. 

Brendan Whitworth, assistant director for legal services at Wigan Council, said information security is a high priority for the local authority.

"When a data loss happens, officers from internal audit work with the council’s data protection officer to ensure the breach is properly investigated, that adequate remedial action is taken - including disciplinary action if required - and lessons learned are communicated widely. We continue to reinforce the importance of data security to all our staff with relevant training to support this,” he said.

He added that data protection and information governance staff are now preparing for the General Data Protection Regulation (GDPR) compliance deadline on 25 May 2018.

Wigan's data breaches, while not cyber-security related in this case, further highlight the challenges faced by local authorities around data protection and information security.

In February 2018, an investigation by privacy campaigners Big Brother Watch revealed that UK local authorities face an average of 19.5 million cyber attacks a year, which equates to 37 cyber attacks or attempted breaches every minute on organisations that are accumulating growing troves of sensitive and personal information about citizens.

The report not only revealed an “overwhelming failure” by councils to report losses and breaches of data, as well as shortcomings in staff training in the past five years, but also that the problem is not confined to just a few councils.

Raj Samani, chief scientist and fellow at security firm McAfee said the agility of cyber criminal gangs gives them an advantage over public organisations. He said that for organisations to combat cyber criminals successfully, it is vital they prioritise threat intelligence sharing in the immediate aftermath of an attack.

“With this in place, it will become much easier for organisations to predict the shape of the next attack, and ensure they have the right procedures in place when it happens,” he said.

Read more about threat intelligence

  • There are five key challenges to cyber threat intelligence sharing, according to a report by McAfee Labs.
  • Threat intelligence tools are a growing market, and enterprises need to be able to see through the hype to get the best product for them.
  • Learn how threat intelligence services benefit enterprise security and how to subscribe to the right threat intelligence service.
  • Threat intelligence is quickly becoming an essential ingredient for protecting corporate systems and data.

Other security experts have suggested that councils implement automation processes to ensure that basic security tasks are performed routinely without needing human intervention.

Although human error is the main factor in making a cyber attack successful, the Big Brother investigation found that three out of four local authorities do not provide mandatory cyber security training to staff and 16% do not provide any cyber security training at all.

These findings raise concerns about the ability and commitment of local authorities to fend off cyber attacks, the report said, despite the fact that councils are collecting more personal information about citizens than ever, making them a growing target for cyber attacks.

“With councils hit by over 19 million cyber attacks every year, one would assume that they would be doing their utmost to protect citizens’ sensitive information,” said Jennifer Krueckeberg, lead researcher at Big Brother Watch.

“We are shocked to discover the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security. Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens.”

Read more on Hackers and cybercrime prevention