Local Government Cyber Attack – Learning from Redcar and Cleveland
In January I talked about new threats arising from the shift to truly digitally enabled services. Since then we have seen the catastrophic attack on Redcar and Cleveland Borough Council. With an average of 800 cyber-attacks an hour on councils, leading to the complete failure of digital systems, the issue of cyber security now more than ever needs to be on the management team agenda.
Simply trusting up to date virus protection and regular backups no longer means that we can recover quickly. With good design you can have greater resilience, but current technology won’t stop an attack getting in. Generally, virus protection relies on someone else having been attacked and defeated; in fact, it takes around 10,000 organisations to be defeated before a defence is issued. The signature of the attack is sent out so that your virus protection can recognise it when it arrives. That’s assuming that the virus is not polymorphic and doesn’t change its signature as it attacks of course.
So, once your systems are down, you will have to undergo a complete rebuild that will inevitably take time, and should your back-ups not be designed correctly then prepare for service without any of your records. It’s likely that your systems will have been set up to allow staff to run your standard software – such as a spreadsheet. An attack could be embedded in one cell in a spreadsheet, so as soon as that spreadsheet is opened the attack is initiated.
However, there is now a unique and patented zero-day, zero-trust technology. Unlike other virus protection, this technology is capable of defence on day zero when the virus is first released as it does not need to know or have seen previously the signature of the attack. And zero-trust means that it monitors everything and trusts nothing.
We tested our zero-day, zero-trust technology using the WannaCry cyber-attack that successfully infiltrated the NHS, costing them £92m. We ran the first trial and witnessed WannaCry take over the network within seconds, denying access to all users until a ransom was paid. We then ran a second trial using a version of the technology that was created before WannaCry, which saw the threat identified and neutralised instantaneously.
We are now setting up a trial, with ten local authorities, if you are interested in being a trial site please contact annabelle.spencer@iese.org.uk
Please note you can unsubscribe at any time.