Powys County Council chiefs say new IT systems will strengthen the authority’s defenses against cyberattacks.
At the Governance and Audit Committee meeting on Friday, June 20, councillors and lay members reviewed the council’s strategic risk register for the final quarter of 2024/25 (January to March).
The report states that the digital services department aims to reduce the risk of the council’s information and systems being vulnerable to phishing attacks.
If approved by senior councillors, this risk will be downgraded and managed at a departmental level.
Cllr Graham Breeze (Powys Independents) expressed serious concerns about the proposal to de-escalate the cyberattack risk.
“The current situation we live in, worldwide massive organisations such as Marks and Spencer have come under a huge attack, which has cost that company over £300 million to date,” he said.
“I’m interested to know how we feel so confident that we have control over this that we can de-escalate a risk I would consider to be one of the biggest we have as an authority.
“The sheer significance of this authority being hit by a cyberattack is unthinkable.”
He wanted to be convinced that the council had a “super system” to defend it from cyberattack.
Head of digital services Ellen Sullivan said: “The risk remains high - what is reduced is threat.
“We’ve actually purchased and deployed extra phishing software, so we have that across all our systems that detects any phishing concerns.”
She added that extra “phishing training” for staff had also been rolled out by the council.
This means that “fake emails” are sent out to test staff each month.
Ms Sullivan explained that staff who click on the fake emails would then be given “refresher training.”
Cllr Chris Walsh (Labour) said: “Cyber criminals will change their behaviour and tactics on a regular basis - it’s not a stationary situation, it’s an evolving one.
“Reducing it feels slightly complacent.”
Cabinet member for customers, digital and community services, Cllr Raiff Devlin (Liberal Democrat) said: “There is no complacency here whatsoever.
“The council has invested significantly into its cyber defence.
“While members are absolutely correct to point out it’s a dynamic environment, the key to maintaining our defence is our ongoing investment and there is a commitment by the cabinet to do just that.
“So, I feel that we are managing this risk appropriately and I’m reassured that the department has what it needs in place to do that.”
The report will go in front of the Liberal Democrat/Labour cabinet for a decision next month.
Comments
This article has no comments yet. Be the first to leave a comment.