Hackers have tried to gain illegal access to Aberdeen City Council’s computer system more than 15 million times in the last year, according to new figures.
Network technicians helped to block the equivalent of 41,800 infiltration attempts every day between October 2018 and September 2019.
But, despite the large number of incidents involved, only two cyber-attacks during that period had any levels of success.
Almost three-quarters of the unsuccessful breaches involved spam and phishing emails, which are fake messages, designed to look as if they are from legitimate websites in order to trick users into revealing personal information.
Nearly one-quarter were classed as “intrusions,” while more than 35,000 viruses – making up 0.2% of the total – were caught trying to embed themselves in devices.
In March, a council employee received a phishing e-mail from a “compromised partner organisation” and logged into a website using their work details. This resulted in a “small data breach” on their account.
Then, in November 2018, a spam e-mail was sent from a council supplier, advising users to click a link and change their password, causing only a “minor impact”.
The local authority employs a dedicated team to focus on its cyber security capabilities, with “layered security” and round-the-clock network monitoring.
Operational delivery convener John Wheeler said: “Given the volume of attempts, it’s encouraging that our security systems are catching all but a tiny number of them.
“I’d commend our officers for the work they’re putting in to keep the authority safe.”
Jai Aenugu, managing director of Aberdeen cyber-security company The TechForce, is among those who have alerted councils to the threat posed by hackers, who work from thousands of different locations all over the world.
He said: “Data shows that most cyber-attack attempts across both the public and private sectors involve the use of phishing and scam emails.
“Since more than 90% of successful cyber-attacks start from a phishing email, it is vital for an organisation to nurture a strong security culture by educating their employees on potential risks of phishing emails and how to spot them.”
Alex Nicoll, resource spokesman for the council SNP group, said: “As the council moves to a more digital method of service delivery, we must ensure we have robust mechanisms in place to prevent attacks being successful.”
A council spokesman said: “Aberdeen City council is continually developing and refining controls to mitigate against the impact of cyber threats.
“During the previous year, there were two large global spikes increasing the number of attempts.
“While we are unable to limit the number of attempts, the focus is on aligning people, process and technology to minimise the impact of these cyber threats.”