Bondgate IT has praised the ongoing efforts of councils and universities in the North East and North Yorkshire to tackle the growing threat of cybercrime – but is warning that the danger posed by the dark web is growing stronger.

Garry Brown, managing director of the Darlington-based technology experts, said that both public and private organisations have been quick to act following several high-profile breaches last year.

As a result, organisations have conducted urgent reviews of their cybersecurity arrangements.

However, an investigation by Bondgate IT still found thousands of pieces of potentially damaging information connected to the region’s councils and universities were available for sale to criminals operating on the dark web.

Using its specialist monitoring service, it found that over 15,000 compromised items originating from nine local authorities in the North East and North Yorkshire are for sale to cyber criminals on the dark web. The total figure for the region’s universities stood above 13,000.

Garry said: “Local authorities and universities across the region have taken tremendous strides in updating their IT security, educating staff, and reducing the threat posed by ransomware.

“However, the increasing amount of data being offered for sale on the dark web highlights the need for ongoing vigilance when it comes to IT security.”

The high-profile breaches in 2020 included:

  • A ransomware attack on Redcar & Cleveland Council that left it without online services for weeks and is estimated to have cost £10m. The council says no ransom was paid
  • Newcastle, Durham, and York universities were among many global victims of an earlier ransomware attack on a third-party US-based cloud computing supplier – which allowed cybercriminals to remove data relating to names and contact details of university alumni, donors, and stakeholders.

A 2019 study by the University of Surrey found that the number of dark web listings that could harm an enterprise had risen 20 per cent since 2016. Of all listings, 60 per cent were potentially harmful.

Garry added: “This underlines the sophistication of cyber criminals as information listed for sale on the dark web has the potential to bring down entire IT systems and cost organisations millions of pounds.

“The origins of most breaches are not malicious but are caused unintentionally by those working within an organisation. The danger is that a hacker accesses a staff member’s email and their contacts. It is then easy to steal their identity, gain commercial insights, circulate malware and ransomware, issue instructions to release funds and access sensitive information.”

The UK’s National Cyber Security Centre has revealed that since February this year, there have been an increasing number of ransomware attacks in the UK, including schools, colleges, and universities. It has urged all organisations to follow its guidance and update security measures to disrupt attacks and enable effective recovery of data.