Under attack: how to boost cybersecurity in the cloud

30th June 2022

Civica’s Andy Smith asks if cloud financial management systems are the answer for local authorities facing cyberattacks?

It starts with an email. And it ends with months of chaos, a multi-million-pound bill and a battered reputation. Cyberattacks can rapidly take apart a smooth-running IT system, forcing the affected organisation to rely on a nightmare tangle of disconnected spreadsheets, manual processes and even pen and paper.

Popular targets

Recent years have seen a spate of high-profile cyberattacks on local authorities. In many cases, a simple phishing email with a malicious attachment is the source of the attack and can rapidly damage or disable an entire IT estate. Incidentally, this type of attack is by far the most common: the Department for Culture, Media and Sport’s Cyber Breaches Survey 2022 identified phishing emails as the attack vector behind 83% of cyberattacks.

Once attacked, councils have found themselves immediately unable to deliver services, make or receive payments or even access records. Impacts are felt on three levels: operationally, as local authorities become unable to engage with citizens; financially, as revenues are lost and remediation costs pile up; and reputationally, as people question the security of the data that’s held about them.

Long-term impact

It's hard to exaggerate the scale and impact of these incidents. In many cases, it has taken councils months to fully recover from them and to restore services. Recovery costs can extend to hardware that is compromised during attacks – from on-premise servers to the devices used by individual staff. And with the National Cyber Security Centre having estimated that 40% of incidents it managed were targeted at the public sector, it’s not a threat that is going away any time soon.

How should local authorities respond to the threat of cyberattacks? In-house IT teams often have huge workloads and large numbers of apps to manage. Managing security over these fragmented IT estates can be exceptionally challenging.

Shifting responsibility

Increasingly, moving critical operations to the cloud is becoming a viable and attractive option for local authorities looking for a solution that’s cost-effective, secure and easy to implement. In recent years, we’ve seen a similar shift in the payments industry. Here, the compliance rules became so complex that managing in-house systems was becoming unachievable for many organisations. With compliance ‘built in’ and constantly upgraded to reflect evolving regulation, cloud solutions take away the burden and responsibility from payments providers.

For cybersecurity, the thinking is the same. Cloud financial management information solutions (FMIS) have the scale and focused expertise that’s needed to combat cyber threats. They are hosted in highly secure datacentres, with their security capabilities constantly updating to reflect the changing threat landscape. Local authorities can manage core financial tasks – from general ledger, debtors and creditors to purchasing, reporting and Making Tax Digital – with no need to secure on-premise hardware and software.

The shift to the cloud also shifts responsibility, from the customer to the vendor. In the unlikely event of a data breach, it’s the cloud vendor’s responsibility to restore and remediate. Local authorities can therefore redeploy the resource that was focused on day-to-day security management to higher-value, strategic tasks. And there’s significant peace of mind from knowing that critical functions are protected by state-of-the-art security and datacentres.

Do more with less

It's not just about security, though. Today, all local authorities are facing significant challenges around budgets, resources and compliance. They are faced with the classic ‘do more with less’ conundrum – deliver a better (mostly digital) service but with less money and fewer people. Cloud FMIS can tackle these challenges from a number of angles. Their self-serve options can cut workloads for internal teams. There’s no IT estate to manage and update, because access is via URL or app, on any device. Reporting is easier and more powerful. And importantly, costs are predictable.

This model of financial management is becoming the norm in the public sector. Civica’s cloud solution Civica Financials currently manages £2bn of funds annually for public sector organisations.

As cyberattacks continue to increase in our ever-more digital world, taking action to move more systems to the secure cloud could be the answer; bringing peace of mind and cost-effective solutions to already money and time-strapped councils across the UK.

Andy Smith, Managing Director, Civica Financials