Following reports that Kensington and Chelsea Council has suffered a cyber-attack, with more than 100,000 households warned to stay alert, we’re increasingly seeing that cyber criminals don’t need sophisticated techniques to be effective. Many operate on a high-volume, ‘spray-and-pray’ basis – sending thousands of emails, calls, or access attempts, knowing that even a very small success rate is enough to trigger a serious breach.

Public sector organisations like councils are particularly exposed to this approach, often operating with ageing infrastructure, under intense budget scrutiny, while holding large volumes of sensitive citizen data – a combination that makes them an attractive and persistent target.

In many cases, the point of entry is identity. Attackers increasingly compromise legitimate credentials and then blend into normal activity. Once inside, that access can remain dormant for long periods, flying under the radar until it’s activated at a moment that causes maximum disruption. This is why identity remains the root cause of most breaches – especially in complex public sector environments where visibility across users, systems and access rights can be challenging.

To combat this, identity security must be treated as a priority, not an afterthought. The right technology can support public sector organisations to continuously monitor identity behaviour, detecting subtle anomalies that appear legitimate on the surface. This can help them to act early before low-level compromise escalates into a major incident. Prevention, not just reaction, is what ultimately determines cyber resilience.