More than 21 million cyber attacks have targeted Blackpool Council’s website in a single 12 months, figures revealed today show. A total of 21,164,974 attempts to breach IT systems were blocked, the council’s Audit Committee heard.
And councillors were warned hackers are using increasingly sophisticated techniques to launch their attacks.
A DDoS (denial of service) attack last September disrupted council networks for half a day.
Tony Doyle, the council’s head of IT, said: “We had some technology in place that we were able to use to reduce the impact and we learnt some valuable lessons from that.”
He said all staff and councillors were being trained to recognise rogue emails and the council did currently have a good rating for its cyber security.
But Mr Doyle warned attacks were “coming from across the globe” as well as “thousands of malicious emails that attempt to infect or steal data from the council’s network.
“The service has seen increasing evidence of cleverly crafted and personally profiled spear phishing emails that even the most savvy end user would be tempted to click on.
“There is no doubt the cyber threat is growing and in spite of continuing investment and commitment of time and resources, the threats will continue to challenge the council in the future.”
Cyber criminals are using increasingly sophisticated techniques such as machine learning and encryption.
Mr Doyle added: “It is essential we continue to invest and develop the council’s cyber defence capabilities to provide adequate assurance in this area.”
An updated security policy was launched in December along with mandatory cyber skills training for all staff which must be completed by the end of January.
An internal phishing test found less than one per cent of council workers were fooled into clicking onto a mock scam email.
If a cyber attack led to a data protection breach, the council could be fined up to four per cent of its turnover, or 20 million euros (around £17.6m).