Kent County Council children’s department targeted in suspected cyber attack

A council has been hit by a suspected cyber attack, it has been revealed. Hackers gained access to Kent Count Council’s (KCC) children’s department when an officer clicked on a link to reset a password.

Cyber attacks are growing in size and volume, organisations have warned. Photo: PA

Cyber attacks are growing in size and volume, organisations have warned./ppPhoto: PA

Cyber attacks are growing in size and volume, organisations have warned. Photo: PA

The source of the attack was not identified or how much harm may have been caused, The breach emerged in a document published today (November 23) by KCC’s auditors, Grant Thornton.

Under the section detailing risks, the auditor stated: “In February 2023, there was a successful phishing cyber security breach.

“This occurred when an officer clicked on a link from an email to reset their password. “The attacker gained entry to the Children’s department – however there was no access to financial information that could impact financial statements.

Kent County Council was the target of a cyber attack. Photo: Stock

Kent County Council was the target of a cyber attack./ppPhoto: Stock

Kent County Council was the target of a cyber attack. Photo: Stock

“We have evaluated the impact the cyber security breach, the existing controls and response by management. “In line with Grant Thornton’s risk management policies, the audit team’s evaluation around cyber securiity breaches requires consultation and approval from our internal IT experts.”

“Phishing” occurs when a user is tricked into making an unwitting mistake.

Grant Thornton said one in three UK “entities” suffers a cyber attack in the UK, “so it’s more a case of when an attack happens, not if”. Philip Ingram MBE, a former military spy and now a respected commentator, said any public body which thinks it is safe is “bluffing itself” and says authorities must be on “red alert”. Mr Ingram said the threat may have emanated from criminals, a hostile nation state or so-called “hacktivists”.

He added: “Public sector organisations hold huge amounts of personal information, data and financial details that can be accessed and exploited.

Cyber security expert Philip Ingram MBE says councils must be on red alert. Photo: Grey Hare Media

Cyber security expert Philip Ingram MBE says councils must be on red alert. Photo: Grey Hare Media

Cyber security expert Philip Ingram MBE says councils must be on red alert.

Photo: Grey Hare Media

“Attacks have become more and more sophisticated. But any public body which thinks it is safe is bluffing itself – they should all be on red alert. It’s a massive challenge.”

The motivation behind attacks can be financial through “ransomware” demands, to access to sensitive material or to obtain a high-profile scalp.

Mr Ingram recommended local authorities and public bodies consult the National Cyber Security Centre for advice.

He also says hostile nation states are a threat to all organisations, especially if they operate in safety critical sectors such as utilities, financial services or healthcare. The report added: “High profile cyber attacks undermine trust in an organisation and shatter hard won reputations and consumer trust. “Over 80% of cyber attacks we read about could have been prevented through simple cyber hygiene.”

Attacks have become more and more sophisticated The report also noted: “We have evaluated the risk relating to cyber security that may impact financial reporting by understanding and evaluating cyber security controls.” Cyber security experts at Check Point Research have warned public sector bodies such as councils, health trusts and education establishments are at high risk, particularly from the use of sophisticated AI techniques.

The global number of attacks is the highest for two years in 2023 and is set to get even worse in 2024.

In a report published in the Security Journal UK magazine, Check Point said: “AI-enhanced phishing tactics might become more personalised and effective, making it even harder for individuals to identify malicious intent, leading to increased phishing-related breaches.”

Kent County Council was approached for comment.