Media outlets are reporting that Hackney Council in London has been the target of a serious cyberattack, which is affecting many of its services and IT systems.
This is the latest attack to hit a UK local council in recent months – in February Redcar and Cleveland Borough Council said it had been hit by a ransomware attack, which cost it more than £10m.
It\’s not as if we needed reminding, however, this kind of cyberattack underlines the importance of cybersecurity to every organization. While we don\’t know a huge amount of information regarding the attack thus far, anything that has the ability to impact on the frontline services of a council – in the current economic climate, and in a borough like Hackney – is a cause for concern. The provision of frontline services is necessarily a priority for any public body, making a robust cybersecurity environment delivering network visibility, detection, and response of paramount importance to ensure the continuation of services even in the event of a cyberattack.
From multinational corporations to small firms, no organisation is immune from the threat of cyberattacks like ransomware—and the rise of nation-state hackers has made ransomware threats even more dangerous and damaging. Public sector organisations are an attractive target for cybercriminals due to their use of legacy IT systems and the challenges they face with providing consistent, ongoing employee training. Unsupported legacy systems are more vulnerable and easier for hackers to exploit. Public sector employees that lack security training are especially susceptible to threats such as phishing, which is one of the most common ways to spread ransomware. Hackers also recognise that downtime is not an option for local governments that need to provide critical services round the clock to residents and businesses, making these public sector targets more likely to pay the hacker’s ransom. Local governments can also be hotspots of citizens’ personal information, making them a prime target for cybercriminals.
Ransomware attacks in the public sector, even if brief, can negatively impact thousands of citizens. When attacks occur, citizens risk their personal information being exposed and may lose access to critical services. Public sector employees may have to resort to conducting work offline or postponing crucial aspects of government like court proceedings. Public sector attacks cause major disruption and result in increased media attention, which unfortunately can make these types of attacks attractive to cybercriminals.
Security awareness training is a powerful tool to reduce the risk of a cyber-attack—it lowers the chance of an incident like a data breach by 70%. From ransomware to spear phishing, email threats are one of today’s most dangerous forms of cyber-attack. It’s crucial that the public sector trains its employees on how to spot these emails so they can act as an effective form of defence against cybercriminals. However, many security awareness training programs fail because they are not conducted consistently or effectively. A recent study around the impact of phishing resistance training found that employees who received the training started to forget what they had learned after six months. To truly be prepared for the risk of a cyber-attack, security awareness training needs to incorporate both educational materials and frequent phishing simulations accompanied by refresher training for those who engage with the simulations.
The last revelations from Hackney Council being hit by a massive cyberattack is not surprising given the advantage that cyber adversaries have in the vast and connected world we live in today. The good news is that they are working closely with the NCSC to get to the bottom of the origins of the attack so that services can be restored as soon as possible. The bad news is that it could take days or weeks for essential services to be operating normally.
On a macro level, every organisation in the world has had to defend against cyberattacks because they have become as routine as going to work or taking a walk. But not all attacks are the same and for local governments that are providing services to citizens or hospitals caring for the sick, an increase in ransomware attacks is forcing the hand of the defenders. The hackers have no shame and they will prey on organisations they think will pay their ransom demands. For Hackney Council, it is essential to deploy threat hunting services in their environment and also increase security awareness training of employees so that they can be reminded not to open email attachments from unknown sources, don\’t visit dubious websites and keep their internal radar for potentially malicious behaviour.
Any attack on Public Services, especially during what is shaping up to be a COVID second wave, is particularly heinous. The motivation, in this case, is also cause for concern. These kinds of attacks are most commonly associated with Ransomware but it is highly unlikely that any Public Body in the UK has either the financial resources or indeed the authority to pay their attackers. It may be that the criminals who launched this attack are located overseas and unaware of this fact or the attack may be designed to distract from some more sophisticated criminal activity.
In any event, Hackney Council, by enlisting the help of the National Cyber Security Centre, have given themselves and the communities they serve the best chance of recovering from what is a very concerning situation.
As with any successful Cyber attack, the period immediately after it is made public is the most dangerous of all to the customers and service users of the victim organisation. In this case, it is absolutely vital that the residents of Hackney keep their cool. Under no circumstances should they respond to any unsolicited requests for information. Cybercriminals will play on their worries and fears to gather information like login credentials, passwords, bank details and other personal information and use it to commit even more crime. They will contact people via email, telephone, social media and even by post or in person.
Any approaches should be reported to the authorities and ignored, however difficult this may be.
Anyone reading this should consider their family, friends, neighbours and colleagues and make sure that any more vulnerable people are aware of the dangers and supported until the incident is resolved.
Never share any information, however trivial it may seem, or however worried you may be.
Communities can beat criminals.
Follow the advice from the NCSC and help your friends and loved ones to do the same.
Every organisation is a software organisation, even the Hackney Council in North London. Consequently, every organisation must have a software security initiative (SSI). The purpose of the SSI is to set up policies and processes for protecting the organisation, detecting when attack is underway, responding quickly to any intrusion, and restoring systems and data after an attack.
Business continuity planning is always important. The global pandemic has unequivocally demonstrated that all organisations must prepare for unexpected events. Proactive actions include keeping systems updated, using multifactor authentication, user education, and backups. Reactive actions include containing an attack, implementing emergency processes, and restoring infected systems. Risk can never be eliminated, but managing software security in a methodical, disciplined manner lowers the likelihood of a successful attack, and makes cleaning up and restoring services after an attack quicker and less expensive.