A West London council has revealed it is hit by around 20,000 attempted cyber attacks every day.
Hammersmith and Fulham says it has applied measures such as anti-phishing and enhanced firewall rules to combat the attempted attacks.
It is understood the 20,000-daily is not an unusual rate for an organisation of its size and nature with phishing one of the main issues faced. This is when fake communications, whether by email, social media or other means, are sent to try and draw personal information or money from the victim.
A spokesperson for the umbrella group London Councils said several boroughs in the capital have been subjected to major attacks in recent years, sometimes leading to significant disruption and costs. In October 2020 Hackney Council was the subject of a ransomware attack following which personal details of council staff and residents were posted on the dark web.
The Local Democracy Reporting Service (LDRS) recently reported the council is expecting to spend hundreds of thousands pounds more than planned recovering from the attack. In July last year the Information Commissioner’s Office (ICO) rebuked the local authority for a ‘lack of proper security and processes to protect personal data’.
The council disagreed with the findings. Transport for London (TfL) was also hit by a large cyber attack last year forcing it to close many online services for months.
At a Hammersmith and Fulham Policy and Oversight Board meeting last week, Cllr Rory Vaughan asked about the spend planned for cyber security for the year ahead. Council documents detailed how additional investment is earmarked for 2025/26 to improve cyber security processes and infrastructure alongside regular updates to staff.
Cyber security spend is included within the £124,000 earmarked for the council’s Digital Inclusion Strategy which will also fund activities to help residents improve computer literacy. Referencing cases such as that in Hackney, Cllr Vaughan asked whether the investment is intended to increase the council’s resilience against cyber attacks while also giving residents more confidence in interacting with the local authority digitally.
Cllr Rowan Ree, Cabinet Member for Finance and Reform, said there had been a number of cyber attacks on the public sector including not just Hackney but the British Library and Guy’s and St Thomas’ NHS Foundation Trust.
“We’re very alive to the threat of this. There are 20,000 attempted cyber attacks on the council every day,” he said. “That shows the scale of the challenge that we’re facing.”
Cllr Vaughan further asked about training the local authority was providing against phishing and other similar attacks. Cllr Ree acknowledged phishing is a significant threat, noting not just staff but councillors are likely to have received ‘odd emails’ over the last year.
He said: “We have to make sure that everybody who’s in a role where you’re susceptible to get these sorts of emails has got the proper understanding so that they can combat cyber attacks like this.”
A spokesperson for Hammersmith and Fulham Council said: “We have applied aggressive anti-phishing and anti-spam policies and enhanced firewall rules that block suspicious traffic.”
A London Councils spokesperson said: “Every London borough is vigilant to the risk of cyberattacks, which can range in severity and impact. In recent years we’ve seen several boroughs across the capital subjected to major attacks, sometimes leading to considerable disruption to services and costs to the boroughs.
“All London boroughs invest in cyber security tools and processes to keep their systems safe. We also collaborate to share insights and intelligence about potential threats to maintain the smooth-running of local services.”
