UK Council Cyber Attack Reveals Global Public Sector Risks

Recent news shows that cybercriminals have taken a fancy to public sector institutions which are being relentlessly attacked for the data they hold. 

Be it the City Government Ransomware attack in Minnesota, US or the Municipality IT supplier attacks in Sweden or the very recent breach of the ManageMyHealth patient portal in New Zealand or the Salt-typhoon hack of US congressional member’s emails, they all tell the same story: cyberspace is at war. 

The UK is no different, with suspected Chinese attackers hacking the government's foreign office and several councils being attacked. The latest to be targeted is Kensington and Chelsea Council, which has admitted the personal details of hundreds of thousands of citizens may have been stolen. 

The Kensington and Chelsea Council cyber attack targeted shared IT infrastructure, which Dray Agha, Senior Manager of Security Operations at Huntress, calls a “critical vulnerability” and a “double-edged sword”. 

He adds: “While such systems are efficient, the breach of one council can instantly compromise its partners, crippling essential services for hundreds of thousands of residents.

“It underscores an urgent need to move beyond simple cost-saving IT models and invest in resilient, segmented networks that can contain such threats and protect vital public services.”

Why public sector data is at risk

Public sector institutions operating with “ageing infrastructure”, while holding vast amounts of sensitive data and access to critical public services, makes them a prime target for cyber criminals. 

Public sector institutions hold names, addresses, national IDs, tax or council tax records, health or benefit information and login credentials, which can be used by cyber criminals for elaborate scams, identity theft and other fraudulent activity.  

While the UK Government’s new cyber resilience action plan aims to strengthen departments against attacks and coordinate responses to breaches, concerns remain over whether enough funding is being allocated to secure critical systems.

Gregg Hardie, Public Sector Regional Vice President at SailPoint, says that “cyber criminals don’t need sophisticated techniques to be effective”.

He says: “Many operate on a high-volume, ‘spray-and-pray’ basis – sending thousands of emails, calls or access attempts, knowing that even a very small success rate is enough to trigger a serious breach.”

Identity security becomes a 'priority'

According to Gregg, the point of entry for attackers into public sector systems is often identity, as “attackers increasingly compromise legitimate credentials and then blend into normal activity”. 

He continues: “Once inside, that access can remain dormant for long periods, flying under the radar until it’s activated at a moment that causes maximum disruption. 

“This is why identity remains the root cause of most breaches – especially in complex public sector environments where visibility across users, systems and access rights can be challenging.”

This makes identity security a significant priority and not an afterthought. 

“The right technology can support public sector organisations to continuously monitor identity behaviour, detecting subtle anomalies that appear legitimate on the surface,” says Gregg. 

“This can help them to act early before low-level compromise escalates into a major incident. Prevention, not just reaction, is what ultimately determines cyber resilience.”