Perth and Kinross Council is stepping up security measures to fend off more than a million cyber attacks a month.
The local authority has said it is considering another wave of “phishing” emails to staff, to help alert them to increasingly sophisticated efforts by hackers to obtain confidential data.
In December, council workers received messages promising special Christmas offers and discounts from well-known companies.
But if they clicked on the links, they received an educational message highlighting the risks of malicious mail.
Conservative councillor Angus Forbes told Wednesday’s strategic policy and resources committee meeting he was one of the 25% of employees who was duped by the first wave of simulated phishing attacks.
“I’m a bit embarrassed by that,” he said. “But I thought it was a useful exercise.”
Mr Forbes was told that council had only purchased the phishing software for one year, but future use would be considered.
Council boss Murray Lyle added: “The council is defending itself against hundreds of thousands of low level malicious events every month.
“In addition to the recorded events, the council is fending off hundreds of thousands of malicious probes and scans every day, far too numerous to log and count.”
He said: “As a defender the council, like all other organisations, must defeat every attack on its systems, while the attackers unfortunately need only to succeed once.
“To eliminate risk completely is an impossible task, even with unlimited resources. We need therefore to take a risk-based approach. It is vital that our staff are trained to identify cyber threats as quickly as possible and respond and recover as effectively as possible.”
Although a quarter of staff fell for the first round of council-produced e-mails, a follow-up wave only received a click-rate of six per cent.
Mr Lyle said: “Cyber threats change rapidly and as a council we must continue to adapt and respond to these risks as and when they are identified.
“I am pleased to note that the annual independent assessment of our network security is satisfied that the council network is well run and securely configured.
“Those vulnerabilities identified within the assessment have been addressed ensuring that our network continues to robustly defend council services from cyber attack.”
