Public sector highly vulnerable to ransomware attack

New research from Clearswift has revealed a lack of cyber security awareness among public sector workers, with almost half unaware of ransomware.

Despite significant post-WannaCry progress, ransomware remains a key threat to local and central government, with the research finding that 77 per cent of public sector workers have been given no instruction in how to recognise ransomware, seven in 10 say there is no cyber security expert in their organisation, and many revealing that the need for more awareness only became heightened in light of increasing volume of coronavirus related cyber attacks.
 
The research with 1,000 public sector employees, revealed that 47 per cent have either not heard of, or do not know what ransomware is, with 42 per cent not having heard of, or what two-factor authentication (2FA) is. This lack of cyber security awareness is compounded by a lack of training – 77 per cent of respondents have been given no instruction in how to recognise ransomware, while 16 per cent have had no cyber security training whatsoever and 13 per cent just once.

The research, The Unknown Threat – Cyber Security in the UK Public Sector, revealed that public sector employees were not all using the most up-to-date operating systems that help defend against cyber attacks. Just over one in ten still use Windows 7 and six per cent still use Windows 8, a key area of vulnerability if those systems have not been updated with the latest patch, as was the case with WannaCry. There is also a lack of access to experts who can advise on what to be aware of regarding cyber security - 68 per cent say there is no dedicated cyber security expert in their organisation and only 12 per cent have communicated with a cyber security expert in the last six months.

With the coronavirus crisis bringing increased cyber-attacks alongside many public sector workers working from home, the current period is an opportune time to address security vulnerabilities. Even as we gradually emerge from the pandemic, local government and the wider public sector is under pressure to maintain public services whilst also remaining secure, so it’s right to think about how that could be achieved.

Clearswift’s Alyn Hockey said: “The public sector has seen significant developments since WannaCry but these findings suggest that there is still progress to be made. As we’ve seen the volume and variety of cyber-attacks increase, especially during the coronavirus lockdown period, it’s an on-going fight for the public sector to stay protected and constant and incremental improvements are the key to success. The right technology is important of course, but of equal value is ensuring that employees are fully aware of cyber security best practice and that the right processes are in place to mitigate the risk.

“The UK public sector has put in place many of the processes required to defend against ransomware and other cyber attacks. But recent events have demonstrated a clear need for more cyber vigilance and it’s an on-going battle in defending the public sector against cyber crime. Communicating clearly about the dangers of ransomware and updating legacy operating systems would be a great start, ahead of a broader look at overall cyber security strategies.”