TECH experts this week admitted that cyber criminals are always one step ahead of Dumfries and Galloway Council and other authorities.
This is the reason that the council is virtually always on red alert for potential breaches of its systems and the access of public records and confidential information.
The risk of cyber attacks on the local authority was discussed at the audit, risk and scrutiny committee on Tuesday. A report was tabled showing a ‘risk matrix’ with levels of red, amber, and green in relation to the likelihood of hackers breaching the council’s digital defence systems.
That risk was shown to currently be in the red zone and this isn’t expected to change any time soon, which North West Dumfries Councillor Paula Stevenson said the public would want to be aware of.
She asked: “Is there anything more than we can be doing to move that risk further into the green?”
Annandale North Councillor Stephen Thompson, committee chairman, added: “We’re almost like holding the line by the looks of it in terms of our target risk and current risk.
Mark Thomson, the council’s risk and assurance manager, said: “It’s the reality of 2024 and where we continue to be going forward from a cyber security perspective.
“Everything we do, we’re always one step behind in some respects. The criminals, the terrorists, the hackers get more advanced every month, every year.
“Through our certifications, we keep up with our defences and we audit our systems, and we change where appropriate.
“But it’s a global state of affairs that whatever we do, we will never ever drive that down to a level of yellow or green as cyber attacks progress.”
Councillor Stevenson then asked: “Are we doing everything robustly enough to ensure everyone’s data is protected, and we’re at the lowest risk of cyber attack that we can be?”
Replying, Mr Thomson added: “In terms of our robustness, we have a programme set out that goes from a level of almost defend, monitor, and train with our staff.”
He explained there is a document audit process across the council, and security partners are consulted for expert advice.
