I would like to make a Freedom of Information request relating to cyber attacks to your organisation.
By cyber attack I am referring to the unauthorised access or deliberate disruption of a computer system or a device.
Types of cyber attack could include, but are not limited to: ransomware, denial of service, phishing and spear phishing
By data, I am referring to any information held on your computer systems or devices
Please could you answer the following:-
Does your organisation keep an incident log of cyber attacks?
How many cyber attacks - attempted and successful - were recorded against your organisation
in the last three financial years, year-by-year (ie 2014/15, 2015/16, 2016/17)?
Where cyber attacks were successful, what kind of data and what amount of data, if
any, was lost or stolen? Was it confidential?
For each case, please confirm:- the type of attack (eg ransomware, denial of service
What demand, if any, was made to resolve the attack? Did the organisation comply?
Whether the attack was reported to police or other responsible authority? Was the attacker
Thank you for your recent FOI
So far we have been very fortunate that the layers of security we have in place has stopped the majority of these attacks but we are staying vigilant as the attacks are increasing. We have never been the victim of a direct attack so have never lost any records etc
The attacks that caused us a problem were DoS which was found to be part of larger attack on UK Local Government which emanated from China. These cause the network to slow down or access to our website to slow down.