Post-ransomware attack, Hackney Council wants to change its cybersecurity culture

And it’s willing to pay up to £250,000 if you can help them do it.

Post ransomware attack, Hackney Council wants to change its cybersecurity culture

Hackney Council still hasn’t recovered from its ransomware attack last October, which saw stolen data posted on the dark web by the PYSA ransomware gang.

According to the London Borough of Hackney’s website, key services that continue to be affected include:

  • Applications and licenses
  • Benefits, council tax and payments
  • Children and families services
  • Council homes
  • Data protection
  • Payments
  • Planning
  • Reporting and ordering

House purchases have fallen through in the area as the council was unable to process land searches, and some of the area’s most vulnerable residents were not paid their housing benefit.

The good news is that Hackney Council is working hard to make things better. And one of the ways in which it is doing that is by looking for some external expertise to evaluate its staff’s understanding of their security responsibilities, and help them adopt effective security practices.

Hackney help

Why the work is being done

Hackney Council is reviewing the way we deliver security assurance, following a Cyber attack in October 2020 and implementing changes to where required. This work will include a review of some of our technological tools as well our governance arrangements and processes. This work will be underpinned by a concurrent piece of work focused upon the security culture within the team.

Problem to be solved

We are delivering two key strands of work:

* Behaviour, Culture & Skills (Analysis, recommendation & implementation)
* Policy, Process & Procedure (Review, recommendation, change/strengthen)

We have identified some skills gaps and capacity shortages that would hinder rapid delivery of a high quality set of outcomes.

User Research (to help design, conduct and understand behavioural and culture now)

Business/Procedure/Policy Analysis (to help create and distill user stories, conversations and data and turn into actionable procedures/practice).

Senior Security Practice to act as a second pair of eyes and to help design new processes, deliver training and best practice to our teams.

It’s interesting to see how much emphasis is being given to improving the security culture and user behaviour. Far too often this is an area of computer security which is brushed aside in favour of technological solutions.

Sign up to our free newsletter.
Security news, advice, and tips.

The truth is that cybersecurity is fundamentally a human problem, not a technological one. One has to suspect that it was a human behavioural issue which was the primary reason the council was hit by the attack rather than anything else.

The budget for this work is set at £200,000 – £250,000 + VAT, and – understandably under the current circumstances – Hackney Council is quite happy for you to work remotely.

So if you’re interested apply now.

You have until 2 February 2021 to apply.

Hat-tip: Thanks to Evan Jones for bringing this latest development to my attention.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.