Hackney council cyber attacks - council can’t pay benefits

[Keratinsmooth]

This doesn’t seem to making much of a ripple in the National media but the council have had a serious cyber attack, apparently ransomware, leaving the council unable to receive and make payments, such as housing benefits over a week after the attack.

Hackney isn’t alone in the nature of this attack, Other authorities have been hit. Redcar and Cleveland were hit, with a bill estimated to be £10 million and others.

Why are councils not investing more in cyber security technologies? There are companies offering amazing technology.

Aibu to think that protecting systems against these attacks and citizen data should be high on the priority list of all council leaders.

www.hackneycitizen.co.uk/2020/10/19/cyber-attack-investigation-continues-council-systems-paralysed/

I chose a local media outlet rather than a national.

Because cyber security costs a lot of money, and councils tend to have very limited budgets anyway. Even big companies that are private don't spend a lot on security. You'd be shocked at how little some banks spend on security.

Jesus! What are people going to do??

Why do councils and central government CONSISTENTLY spend millions on IT systems that are a pile o' shite? (have been doing battle with both the HMRC online portal and the local council's online schools admissions form this week ).

Mind you, it's practically a time honoured tradition in Hackney- I remember queues round the block from the council offices in the late '90s, thanks to a dodgy Housing Benefit IT system from a company called ITNet. People were getting paid months late. At least in those days you could just go "Fuck this shit!" and go and live in a squat.

I just checked Hackney Council, they are publicising there.

I know there has been a massive push towards going digital for cost saving purposes, as well as modernisation - but there should be far greater support for councils for this kind of infrastructure.

Cyber Security seems to be one of those skills that is in short supply and so anyone who is any good will earn a lot more than any branch of government will pay them.

That’s awful hopefully it’s sorted soon for the poor people it will affect.

Many companies seem to underestimate the importance of good IT systems and security unfortunately.

A lot of the problem is the attitude of staff though. DH works in IT and he constantly has management who don’t understand what needs to be done or why, and also want miracle solutions for no budget. On the other side he has staff who click on phishing links and enter their password, but won’t confess they’ve done it. He doesn’t give a shit who clicked on the link, but he needs to know if they have so he can solve the problem!

nosswith Oh, maybe that's why they're so keen on recruiting ballerinas to "retrain in cyber" then....

Why are councils not investing more in cyber security technologies?

Because 10 years of cuts means councils are broke and don’t have money to spend.

There are companies offering amazing technology.

For a price. Which councils can’t afford.

The IT in the whole of the public sector is appalling, but they just don’t have the money to keep up with current technologies, and public money shouldn’t be used on experimental technologies.

It’s scary that people are going without benefits, IT budget cuts will really lead to increased poverty if this type of cyber attack happen again.

If this has crippled Hackney council, I wonder which council could be next?

Councils dont pay enough to get decent IT staff. Local county council pays about half the going rate in the private sector. So they cant recruit to fill vacancies and they end up having to pay contractors at three times the rate they wanted to pay. Then of course they have even less money the following year to pay decent salaries or invest in equipment or training. And of course many councils were in financial before COVID because of the withdrawal of the central government grant. I expect we will see more councils publically say they need bailing out before the COVID epidemic has passed.

A housing association i know is using the SAP system which does not recognise LA payments. This will make it even worse and tenants will be harassed with even more letters than they already are.

@wegetthejobdone

Councils dont pay enough to get decent IT staff. Local county council pays about half the going rate in the private sector. So they cant recruit to fill vacancies and they end up having to pay contractors at three times the rate they wanted to pay. Then of course they have even less money the following year to pay decent salaries or invest in equipment or training. And of course many councils were in financial before COVID because of the withdrawal of the central government grant. I expect we will see more councils publically say they need bailing out before the COVID epidemic has passed.

Three times? And the rest.

IT Manager I used to work with was paid £30k. somebody decided it would be a good idea to make him redundant to bring in an external contractor to install and manage the same £22k system he'd been told repeatedly he couldn't implement because they 'couldn't afford it'.

Cost? £220k.

Effect?

The system died on the first day and in the contractor's efforts to 'fix' it, they deleted 7 years' work and financial records when all they actually needed to have done was roll back to the previous day's backup which the original IT manager had insisted on doing on his last day, despite management being told by the contractor 'you don't need to do that, the switchover will be seamless'.

@Twitwooooooo

Many companies seem to underestimate the importance of good IT systems and security unfortunately.

A lot of the problem is the attitude of staff though. DH works in IT and he constantly has management who don’t understand what needs to be done or why, and also want miracle solutions for no budget. On the other side he has staff who click on phishing links and enter their password, but won’t confess they’ve done it. He doesn’t give a shit who clicked on the link, but he needs to know if they have so he can solve the problem!

My DH also works in IT and has the same issues. He refers to it as "anything I don't understand must be simple" syndrome. Like it must be simple to connect these systems from different vendors. Or it must be simple to block malicious emails. IT is always expected to have a magic wand for these things, and if they suggest it will cost time and money to do they must be incompetent.

There's a term in psychology for this:

en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect

Everyone considers themselves an expert in IT.

Agree this should be in the national press.

That's awful.
To the pp who mentioned ITNet's history of messing up. I believe they became part of Serco. Interestingly their success to failure rate hasn't improved.

@MissConductUS I work in IT and my theory as to why people don't appreciate how complicated software / computers are is that it's intangible. If you build a house you can see how much work is involved. But software systems aren't as visible, people can't see what had to be done to get stuff on the screen etc. Therefore they don't appreciate the time and effort and skill that goes into them.

[quote DrDreReturns]@MissConductUS I work in IT and my theory as to why people don't appreciate how complicated software / computers are is that it's intangible. If you build a house you can see how much work is involved. But software systems aren't as visible, people can't see what had to be done to get stuff on the screen etc. Therefore they don't appreciate the time and effort and skill that goes into them.[/quote]
I think you're correct. People are always shocked when there's a problem because how can something go wrong with something that's invisible. DH says he's always pleasantly surprised when things work, as he doesn't expect them to.

His organization uses a security tool from a UK company called Darktrace that uses AI and was started by some mathematicians from Cambridge University. It's aces according to him and would have stopped the malware attack on the Council.

www.darktrace.com/en/

why are councils not...

Victim blaming much

It’s not victim blaming as such, councils are responsible for a huge number of citizens and services. It is their responsibility to secure systems, assets and data that affect the well being, safety and health of their citizens.

@Keratinsmooth

It’s not victim blaming as such, councils are responsible for a huge number of citizens and services. It is their responsibility to secure systems, assets and data that affect the well being, safety and health of their citizens.

Councils have very very little money, they are barely managing to provide the minimum statutory services. Blame central government for not funding them properly! This has been going on years and years and years.

To the pp who mentioned ITNet's history of messing up. I believe they became part of Serco.

You couldn't make it up, could you?