Cyber security and the increasing risk of online attacks were highlighted to councillors in Pembrokeshire this week.
The issue had been moved up the corporate risk register following an increase in attempts on the county council system, with head of IT Lee McSparron adding at a committee on Thursday (June 25) “it’s no longer a probability because it’s actually happening.”
Pembrokeshire county council’s corporate overview and scrutiny committee members were updated on the departments work to improve awareness among staff as well as recent attempts to access the local authority systems.
Mr. McSparron said last month an email “purporting to be from the new chief executive asking for personal details” was received, with scammers clearly monitoring the council and others.
Since a 2019-20 audit highlighted critical issues a cyber security officer has been appointed and new eLearning and compliance training introduced.
The committee heard that the cyber security officer conducted a series of simulated email phishing attacks against staff in March 2021 which were designed to assess the susceptibility of staff to follow instructions in the emails.
Of 2,123 staff, 1,379 did not act on the email, 744 opened it and clicked the link as requested and 485 went further and submitted their username and password.
This has led to a cyber security eLearning module being designed by the department which is mandatory for staff and will be made available for councillors.
The council is connected to the Public Services Network and is bound by the Cod of Connection, as well as being part of IASME consortium which certifies organisations in cyber security and counter fraud.






Comments
This article has no comments yet. Be the first to leave a comment.