The WannaCry ransomware attack in 2017 highlighted the systemic vulnerability of the UK’s government organisations: their networks are open, and their email security protocols are outdated and inconsistent. Two years on, they remain a soft target for cybercriminals looking to extort quick profits and nation state hackers seeking to gain an advantage in the ever-intensifying global cyberwar.
Not only are these organisations soft targets, they are also of high value to cybercrime groups. Once they bypass the typically rudimentary security applications of a government body, adversaries are able to access the much wider bureaucratic network of councils, employees and agencies. With it they can inflict huge damage by charging high ransoms and bringing a halt to the digital infrastructure that manages and controls public services.