Calderdale council fending off cyber attacks from hackers using £20 kit found on the dark web

Calderdale Council corporate risk manager Martin Blower said many former hackers do not bother targeting public and private organisations themselves now, instead selling the information to others who buy their kits.

“If you really wanted to attack somewhere, it is not difficult.

“You can actually go on the dark web and buy a hacking kit for £20 and they’ve got helplines on some of them in case you can’t quite understand it,” he said.

Mr Blower said the cost to councils can be huge and they have to be ever more vigilant to stop hacks causing serious problems.

Recently, another council had been victim of an attack which had taken all their online services down for at least a month – no emails were going out from the authority because it was known they had been attacked and people were blocking them.

The cost to that council to recover from the attack was around £350,000, said Mr Blower.

Key to preventing hacks was constant monitoring of the council system’s firewalls to analyse information as it comes through to detect attempts to breach it, he said.

Hundreds of virus-carrying emails a month are blocked by the council’s defences.

“Cyber risk is one of the biggest and increasing risks to people’s organisations and it is one of the most difficult to manage because it is not obvious where your next attack is going to come.

“You’re only one step ahead of the hackers and they spend all their time searching for ways to get in,” said Mr Blower.

Attacks can come in many forms but the most common are “phishing” emails, where the recipient of an email is misled into supplying information such as user names or bank details, revenge attacks by someone with a grudge who may still have access rights to a system, and “supply chain” attacks targeting software provided to organisations.

Audit Committee councillors were debating actions the authority has in place to enhance security, with the cyber security officer’s role crucial and challenging.

Chair Coun Stephen Baines (Con, Northowram and Shelf) asked about follow-up training for councillors – this is mandatory or they are locked out of council systems.

Coun Steven Leigh (Con, Ryburn) asked about back-up plans as many organisations had them but when tested had proved wanting.

Mr Blower said an immutable back-up system was being developed which if an attack was successful would allow the council restart the system within days rather than months and while two weeks’ worth of information would be lost most would be saved – an incident at one council had seen them having to start from scratch. Cloud back up was also in the mix.

In response to lay committee member Martin Townsend, use of external expertise was also being considered though he stressed the council’s officer knows their field well.

Coun Silvia Dacre (Lab, Todmorden) said the constant risk of attacks was stressful for cyber security to deal with and the council planned to invest more people into it.

Budget recommendations contain proposals to do this, if approved.

v* Support your Halifax Courier by becoming a digital subscriber. You will see 70 per cent fewer ads on stories, meaning faster load times and an overall enhanced user experience. Click here to subscribe