Go-Ahead, one of the UK’s biggest transport companies, is managing an ongoing cyberattack that has affected software used to schedule bus drivers and services.
Go-Ahead, one of the UK’s biggest transport companies, is managing an ongoing cyberattack that has affected software used to schedule bus drivers and services.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This cyber security incident on London’s biggest bus operator reminds us that the potential for cybercrime to be used as a tool to cause widespread disruption is real. At a time of huge uncertainty and disruption – from the cost-of-living crisis to industrial action across transport services – the incident clearly shows hackers’ strategy to catch us off-guard. No organisation is safe, and every citizen has a role to play in digital fortification, whether it’s protecting a country, a company or a consumer.
Awareness and vigilance are vital weapons in our response to these threats. Go-Ahead took immediate action to fend off the attack and implement its incident response plan to protect services, which sets a good example for other organisations. However, cybercriminals are levelling up. Their attacks are more prevalent, more sophisticated and harder to detect. When building robust defences, the golden rule to remember is that prevention is always better than cure. Power comes through knowledge about how cyber-attacks could happen and flagging them to the UK’s national reporting centre for fraud and cybercrime. This is why cyber security training shouldn’t just be a tick-in-the-box exercise, but an ongoing journey of education for us all.
This is another strike on our transport systems, which luckily hasn’t yet derailed passenger journeys. This targeted attack on the scheduling of our daily travel is no doubt an attempt to disrupt.
Over a billion cyber threats a day need to be stopped in their tracks. For transport operators to remain operational, they need to be continuously looking over their shoulder for these types of attacks.
Adopting an autonomous response to cyber protection will ensure transport operators don’t have tunnel vision and miss an attack. A zero-trust approach is the best way to ensure the flow of buses and trains across our road and rail networks, and to best protect their customers’ data.
While we know very little about the perpetrators or even the kind of attack carried out on Go-ahead, this incident does speak to a broader trend. We’re increasingly seeing cybercriminals attacking critical infrastructure. Sometimes this is down to geopolitics and other times simply that cybercriminals want to cause the maximum disruption possible.
Unfortunately, many organisations in the sector also have poor cyber defences, presenting themselves as an enticing target for cybercriminals. It’s clear that, as these attacks become more common, organisations need to take stock of their cybersecurity and identify any gaps. Anything else risks a disaster.
Details around the attack are limited at the moment, but it would not be a surprise to anyone if this turns out to be a ransomware attack. It does appear that Go-Ahead has an incident response plan in place and external specialists on retainer which should help them recover from the incident quicker.
One of the important points of consideration is that no industry or vertical is, or can be assumed safe from cyber attacks. All organisations of all sizes can be potential victims, and with the greater reliance on digital systems, the impact can be huge. Therefore, investing in robust security controls that can protect, detect, and respond to attacks is no longer optional.
The attack on Go-Ahead is another clear illustration that cyber criminals pose a very real threat to every industry. Whether it’s healthcare services or transport networks, cyber criminals will go above and beyond to cause widespread disruption to organisations and their services.
While the main cause of the attack is unknown, I’m willing to bet it’s ransomware, especially now they say it has spread from “it’s server” to other critical systems, such as payroll and bus service software. This is another reminder of how cyber attacks can have real, far-reaching consequences for not only the organisations they’re targeting, but for ordinary people. For example, many employees may now experience disruption to their monthly paycheque, during a time where many people are already struggling to afford basic necessities such as food and energy bills.
Attackers are targeting businesses of all sizes now, whether as a stepping stone to a bigger target, or as the target itself. Therefore, it’s now urgent for all organisations to get the fundamentals of cybersecurity right. This means working with experts to identify the right technology, training staff to use it correctly, and constantly evaluating their security posture.