Download the Second Free Cyber Report
Local authority leaders and their IT specialists can now download their second free annual report from the Cyber Centre of Excellence (CCoE) which reveals whether their cyber security vulnerability level has improved since last year.
This is the second year that the CCoE – an organisation which aims to make the UK the safest place to work, play and do business online – has funded a research exercise using the attack surface management tool FractalScan Surface. The technology scans the Internet using a domain name or IP address to look for misconfigurations, security vulnerabilities and exposed data.
The CCoE is an initiative designed to protect all organisations from cyber attack by keeping them abreast of developments and giving them access to military-grade cyber protection at high street prices. The organisation is backed by an Advisory Forum of some of the UK’s leading cyber security experts who can jointly assist with the full remit of everything an organisation of any size needs to do to stay as cyber secure as possible.
With the cyber threat level in the UK high and 2024 dubbed the ‘Year of Democracy’, with the most elections being held globally in history, the need for cyber security in local government is more crucial than ever. The vulnerabilities identified by the tool could be seen by anyone online, including hackers, revealing potential routes – or open back doors – into organisational systems. The aim of the CCoE Passive Scan exercise and personalised report is to allow the CCoE and the individual local authorities to identify areas of focus.
“Following the success of last year and how well received the individual council reports were, we have now carried out this exercise for the second time so we can do a year-on-year comparison and start to build up a picture of trends for each individual local authority,” explained Kurtis Toy, Chief Executive of the CCoE and vCISO/CEO of Onca Technologies. He added that the CCoE had committed to conducting the exercise annually for the foreseeable future. “We are aiming to provide an objective annual spot check to help ensure that the systems and processes local authorities already have in place are working to their expectations. The feedback we got from local authorities last year was either that they were grateful or that they were reassured. This is entirely sponsored by the CCoE as a research exercise and as a helping hand. We have again included the recommendations in the report of where vulnerabilities are and how to fix them.”
Within each council report, scores are generated in four areas, with each area receiving a score between 1 and 5. On this scale, 5 is classed as excellent and a 1 would place an organisation as being very vulnerable to attack. As well as providing an individual comparison to allow each local authority to identify whether their vulnerability has increased or decreased since the scan was carried out in 2023, the report also provides an overview of the council compared with their region, along with a total number of vulnerabilities and a comparison to where that sits for the UK. The report also highlights the top twenty vulnerabilities for the local authority and the top twenty actions to address them.
Toy stressed that the data in the report is only one small metric in the context of an overall cyber security strategy. “A lower score doesn’t mean that a local authority has terrible security, it just means that aspect of their security needs improving. There are other strands that need to be in place in addition for a strong cyber security stance, including staff training and endpoint security, for example. And, likewise, a perfect score does not mean they are invulnerable. All we are giving is effectively a map of where a hacker is most likely to look if they were targeting their domain, which is very different to if they receive a phishing email and someone clicks on it.”
Vulnerabilities frequently found included badly configured services, out-of-date software, forgotten servers and neglected websites affected by mergers or organisational changes. Often configuration changes are made which accidentally make information available online without an organisation’s knowledge.
As with last year’s reports, information on individual councils will not be made publicly available. Copies of the individual 2024 reports will only be available to download by a CEO, vCISO or IT manager within each local authority or by their authorised IT representatives.
• Contact the CCoE to request a copy of your organisation’s report or email enquiries@ccoe.org.uk.