Cybersecurity Experts Reacted On Hackney Council Cyber Attack

Media outlets are reporting that Hackney Council in London has been the target of a serious cyberattack, which is affecting many of its services and IT systems.

This is the latest attack to hit a UK local council in recent months – in February Redcar and Cleveland Borough Council said it had been hit by a ransomware attack, which cost it more than £10m.

Experts Comments

October 15, 2020
Dr. Anton Grashion
EMEA Director
Corelight
It's not as if we needed reminding, however, this kind of cyberattack underlines the importance of cybersecurity to every organization. While we don't know a huge amount of information regarding the attack thus far, anything that has the ability to impact on the frontline services of a council - in the current economic climate, and in a borough like Hackney - is a cause for concern. The provision of frontline services is necessarily a priority for any public body, making a robust cybersecurity.....Read More
It's not as if we needed reminding, however, this kind of cyberattack underlines the importance of cybersecurity to every organization. While we don't know a huge amount of information regarding the attack thus far, anything that has the ability to impact on the frontline services of a council - in the current economic climate, and in a borough like Hackney - is a cause for concern. The provision of frontline services is necessarily a priority for any public body, making a robust cybersecurity environment delivering network visibility, detection, and response of paramount importance to ensure the continuation of services even in the event of a cyberattack.  Read Less
October 14, 2020
Mike Puglia
Chief Strategy Officer
Kaseya
From multinational corporations to small firms, no organisation is immune from the threat of cyberattacks like ransomware—and the rise of nation-state hackers has made ransomware threats even more dangerous and damaging. Public sector organisations are an attractive target for cybercriminals due to their use of legacy IT systems and the challenges they face with providing consistent, ongoing employee training. Unsupported legacy systems are more vulnerable and easier for hackers to exploit......Read More
From multinational corporations to small firms, no organisation is immune from the threat of cyberattacks like ransomware—and the rise of nation-state hackers has made ransomware threats even more dangerous and damaging. Public sector organisations are an attractive target for cybercriminals due to their use of legacy IT systems and the challenges they face with providing consistent, ongoing employee training. Unsupported legacy systems are more vulnerable and easier for hackers to exploit. Public sector employees that lack security training are especially susceptible to threats such as phishing, which is one of the most common ways to spread ransomware. Hackers also recognise that downtime is not an option for local governments that need to provide critical services round the clock to residents and businesses, making these public sector targets more likely to pay the hacker’s ransom. Local governments can also be hotspots of citizens’ personal information, making them a prime target for cybercriminals. Ransomware attacks in the public sector, even if brief, can negatively impact thousands of citizens. When attacks occur, citizens risk their personal information being exposed and may lose access to critical services. Public sector employees may have to resort to conducting work offline or postponing crucial aspects of government like court proceedings. Public sector attacks cause major disruption and result in increased media attention, which unfortunately can make these types of attacks attractive to cybercriminals. Security awareness training is a powerful tool to reduce the risk of a cyber-attack—it lowers the chance of an incident like a data breach by 70%. From ransomware to spear phishing, email threats are one of today’s most dangerous forms of cyber-attack. It’s crucial that the public sector trains its employees on how to spot these emails so they can act as an effective form of defence against cybercriminals. However, many security awareness training programs fail because they are not conducted consistently or effectively. A recent study around the impact of phishing resistance training found that employees who received the training started to forget what they had learned after six months. To truly be prepared for the risk of a cyber-attack, security awareness training needs to incorporate both educational materials and frequent phishing simulations accompanied by refresher training for those who engage with the simulations.  Read Less
October 14, 2020
Sam Curry
Chief Security Officer
Cybereason
The last revelations from Hackney Council being hit by a massive cyberattack is not surprising given the advantage that cyber adversaries have in the vast and connected world we live in today. The good news is that they are working closely with the NCSC to get to the bottom of the origins of the attack so that services can be restored as soon as possible. The bad news is that it could take days or weeks for essential services to be operating normally. On a macro level, every organisation in.....Read More
The last revelations from Hackney Council being hit by a massive cyberattack is not surprising given the advantage that cyber adversaries have in the vast and connected world we live in today. The good news is that they are working closely with the NCSC to get to the bottom of the origins of the attack so that services can be restored as soon as possible. The bad news is that it could take days or weeks for essential services to be operating normally. On a macro level, every organisation in the world has had to defend against cyberattacks because they have become as routine as going to work or taking a walk. But not all attacks are the same and for local governments that are providing services to citizens or hospitals caring for the sick, an increase in ransomware attacks is forcing the hand of the defenders. The hackers have no shame and they will prey on organisations they think will pay their ransom demands. For Hackney Council, it is essential to deploy threat hunting services in their environment and also increase security awareness training of employees so that they can be reminded not to open email attachments from unknown sources, don't visit dubious websites and keep their internal radar for potentially malicious behaviour.  Read Less
October 14, 2020
Brian Higgins
Security Specialist
Comparitech.com
Any attack on Public Services, especially during what is shaping up to be a COVID second wave, is particularly heinous. The motivation, in this case, is also cause for concern. These kinds of attacks are most commonly associated with Ransomware but it is highly unlikely that any Public Body in the UK has either the financial resources or indeed the authority to pay their attackers. It may be that the criminals who launched this attack are located overseas and unaware of this fact or the attack.....Read More
Any attack on Public Services, especially during what is shaping up to be a COVID second wave, is particularly heinous. The motivation, in this case, is also cause for concern. These kinds of attacks are most commonly associated with Ransomware but it is highly unlikely that any Public Body in the UK has either the financial resources or indeed the authority to pay their attackers. It may be that the criminals who launched this attack are located overseas and unaware of this fact or the attack may be designed to distract from some more sophisticated criminal activity. In any event, Hackney Council, by enlisting the help of the National Cyber Security Centre, have given themselves and the communities they serve the best chance of recovering from what is a very concerning situation. As with any successful Cyber attack, the period immediately after it is made public is the most dangerous of all to the customers and service users of the victim organisation. In this case, it is absolutely vital that the residents of Hackney keep their cool. Under no circumstances should they respond to any unsolicited requests for information. Cybercriminals will play on their worries and fears to gather information like login credentials, passwords, bank details and other personal information and use it to commit even more crime. They will contact people via email, telephone, social media and even by post or in person. Any approaches should be reported to the authorities and ignored, however difficult this may be. Anyone reading this should consider their family, friends, neighbours and colleagues and make sure that any more vulnerable people are aware of the dangers and supported until the incident is resolved. Never share any information, however trivial it may seem, or however worried you may be. Communities can beat criminals. Follow the advice from the NCSC and help your friends and loved ones to do the same.  Read Less
October 14, 2020
Jonathan Knudsen
Senior Security Strategist
Synopsys
Every organisation is a software organisation, even the Hackney Council in North London. Consequently, every organisation must have a software security initiative (SSI). The purpose of the SSI is to set up policies and processes for protecting the organisation, detecting when attack is underway, responding quickly to any intrusion, and restoring systems and data after an attack. Business continuity planning is always important. The global pandemic has unequivocally demonstrated that all.....Read More
Every organisation is a software organisation, even the Hackney Council in North London. Consequently, every organisation must have a software security initiative (SSI). The purpose of the SSI is to set up policies and processes for protecting the organisation, detecting when attack is underway, responding quickly to any intrusion, and restoring systems and data after an attack. Business continuity planning is always important. The global pandemic has unequivocally demonstrated that all organisations must prepare for unexpected events. Proactive actions include keeping systems updated, using multifactor authentication, user education, and backups. Reactive actions include containing an attack, implementing emergency processes, and restoring infected systems. Risk can never be eliminated, but managing software security in a methodical, disciplined manner lowers the likelihood of a successful attack, and makes cleaning up and restoring services after an attack quicker and less expensive.  Read Less
October 14, 2020
Rufus Grig
Chief Strategy Officer
Maintel
The Hackney Borough Council breach comes shortly after the similar hack of Redcar and Cleveland Borough Council. It acts as yet another reminder that government bodies remain strong targets for hackers, due to the huge amounts of high-value personal and financial data they hold. While we don’t know the particulars of the Hackney Council breach, we do know that the outdated legacy systems that some local authorities operate leave malicious actors with little trouble circumventing their.....Read More
The Hackney Borough Council breach comes shortly after the similar hack of Redcar and Cleveland Borough Council. It acts as yet another reminder that government bodies remain strong targets for hackers, due to the huge amounts of high-value personal and financial data they hold. While we don’t know the particulars of the Hackney Council breach, we do know that the outdated legacy systems that some local authorities operate leave malicious actors with little trouble circumventing their security. During a time when citizens rely on Government information and assistance, ensuring operations can continue unimpeded is a must. Modernising IT infrastructure must be a priority if similar breaches are to be avoided. Even with the most up to date systems, local authorities can’t promise to stave off every attack. However, they can shift the odds into their favour by utilising innovative technology like AI and ML in systems, as well as potentially turning to outside help from experts. Protecting stakeholder’s data must be a 24/7 job, as criminals are continuously probing and looking for weaknesses, and it only takes a single vulnerability to enable a breach. Local authorities across the country need to remain always on and ensure they have the right tools to fight off would-be cyber attackers.  Read Less
October 13, 2020
Miles Tappin
VP of EMEA
ThreatConnect
“Flip a coin – that’s basically the odds of any organisation being targeted. Unfortunately, the odds are even greater for government bodies, who are prime targets as they are often underequipped in terms of security protections and are also likely to be forced to pay the ransom to avoid hindering critical services. “Local councils, and other government bodies need to use this attack as stark reminder of the importance of protecting their services. It is vital that organisations with.....Read More
“Flip a coin – that’s basically the odds of any organisation being targeted. Unfortunately, the odds are even greater for government bodies, who are prime targets as they are often underequipped in terms of security protections and are also likely to be forced to pay the ransom to avoid hindering critical services. “Local councils, and other government bodies need to use this attack as stark reminder of the importance of protecting their services. It is vital that organisations with any strategically useful information prepare themselves to deal with highly sophisticated attacks. “Firstly, it is imperative to understand the types of risks that organisations might face and in particular, analysing the scenarios that could lead to significantly impacting their ability to conduct business or serve the public good. Organisations must think like the adversary, scope the “who, what, when and why” and then use this knowledge to drive their response. “The key to delivering reliable services to society and remaining secure is collaboration. We need to break down silos between IT, threat analysis, and incident response personnel from different areas of government so there is greater information sharing. “Ultimately, the more information that councils and government bodies are able to discover, the better their data driven decision making process becomes. By working together as dynamic teams, internal and external threat data and intelligence from multiple sources can be pulled together into one space for correlation so organisations can respond to emerging attacks.”  Read Less
October 13, 2020
Dean Ferrando
Systems Engineer Manager – EMEA
Tripwire
Local and national councils will always be a target for cybercriminals given the sensitive data they hold but truth of the matter is that many remain unprepared for a cyberattack. It’s difficult to prepare for something you don’t understand, can’t visualize, and haven’t experienced. You would have hoped that the devastation caused by NotPetya and WannaCry would have triggered an instant reaction for organisations to get their security in order. This isn’t the case. To get security.....Read More
Local and national councils will always be a target for cybercriminals given the sensitive data they hold but truth of the matter is that many remain unprepared for a cyberattack. It’s difficult to prepare for something you don’t understand, can’t visualize, and haven’t experienced. You would have hoped that the devastation caused by NotPetya and WannaCry would have triggered an instant reaction for organisations to get their security in order. This isn’t the case. To get security right, organisations need to get the basics right. Start by understanding the risk you have. You must conduct regular, preferably continuous, assessments of configuration and vulnerability risk across your IT systems. Then ensure systems are regularly patched and upgraded. Following these basic security hygiene rules will go a long way to making your systems secure and the attackers’ job more difficult.  Read Less
October 13, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
There is limited information at the moment, though it could be likely that this is a ransomware attack, as those are the attacks which render systems unavailable like this. However, regardless of the root cause, this unfortunate incident serves as a reminder as to how dependent society is on digital systems. Councils provide housing, healthcare, and support for the most vulnerable in society, having these systems unavailable could have a very real and detrimental impact on individuals. It's why .....Read More
There is limited information at the moment, though it could be likely that this is a ransomware attack, as those are the attacks which render systems unavailable like this. However, regardless of the root cause, this unfortunate incident serves as a reminder as to how dependent society is on digital systems. Councils provide housing, healthcare, and support for the most vulnerable in society, having these systems unavailable could have a very real and detrimental impact on individuals. It's why it's important that all organisations focus on building a culture of security throughout, so that all scenarios are considered from a confidentiality, integrity and availability perspective across people, processes, and technology.  Read Less
October 13, 2020
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin
While there is little information revealed as to the cause and type of attack that has taken place on Hackney Council, we can only hope that pressing services, particularly to vulnerable residents, are not seriously impacted, and that all important documents have been backed up. This is a wake up call for all organisations to be vigilant, taking every measure to keep themselves safeguarded. This includes simple cyber hygiene steps such as the use of multi-factor authentication, security.....Read More
While there is little information revealed as to the cause and type of attack that has taken place on Hackney Council, we can only hope that pressing services, particularly to vulnerable residents, are not seriously impacted, and that all important documents have been backed up. This is a wake up call for all organisations to be vigilant, taking every measure to keep themselves safeguarded. This includes simple cyber hygiene steps such as the use of multi-factor authentication, security awareness training and employing the use of strong passwords that are not reused across accounts. Organisations can also ascertain key learnings from crisis management tabletop exercises including business continuity gaps. The best defence against what appears to be a ransomware attack is a robust Business Continuity Plan which includes regular backups, version control and thorough testing of disaster recovery procedures. In the meantime, all those using the Hackney Council services should be on the lookout, in the forthcoming days and months, of social engineering attempts as well as fraudulent activity on their accounts.  Read Less
October 13, 2020
Terry Greer-King
VP EMEA
SonicWall
The cyberattack against Hackney Council shows that it’s not just private sector organisations that need to safeguard their systems against intrusion. In fact, public bodies often hold even more sensitive data than businesses, including information about citizens’ interactions with social care services and other sensitive Personal Identifiable Information (PII). As well as ensuring services remain operational, the council has a duty to investigate what data may have been leaked in the.....Read More
The cyberattack against Hackney Council shows that it’s not just private sector organisations that need to safeguard their systems against intrusion. In fact, public bodies often hold even more sensitive data than businesses, including information about citizens’ interactions with social care services and other sensitive Personal Identifiable Information (PII). As well as ensuring services remain operational, the council has a duty to investigate what data may have been leaked in the breach and inform any individuals affected. When the source of the breach is discovered the council must fix the problem, including by upgrading their cybersecurity infrastructure and educating users and the internal workforce on the risks of remote working during Covid-19.  Read Less
October 13, 2020
John Hurst
Head of Public Sector
CyberArk
This attack should come as no surprise. Public sector organisations have long been a prolific hunting ground for hackers. Of all the ICO fines for data breaches handed out since 2010, 54 percent have actually been levied against public sector bodies, with local councils specifically accounting for 30 fines. GDPR-inflicted fines and the direct practical effects of a cyber attack, including having to resort to offline functions, are not the only after-effects Hackney Council should expect. The .....Read More
This attack should come as no surprise. Public sector organisations have long been a prolific hunting ground for hackers. Of all the ICO fines for data breaches handed out since 2010, 54 percent have actually been levied against public sector bodies, with local councils specifically accounting for 30 fines. GDPR-inflicted fines and the direct practical effects of a cyber attack, including having to resort to offline functions, are not the only after-effects Hackney Council should expect. The specific details are unclear, but it does appear to have a lot of parallels with the Redcar and Cleveland Borough Council attack earlier this year, which is estimated to have cost it more than £10m. That attack reminded us that there are more negative outcomes of an attack than the financial repercussions of disrupted service and the likely GDPR fine. Compensation must be paid to victims of the breach where appropriate, which can prove costly if a large amount of data is involved, and investing in IT auditors to investigate such incidents can be expensive. If the attack is particularly damaging, certain situations may even call for a third party to come in and clear up the mess left behind by the attackers, leaving councils with a significant bill to pay. They need to get security right, particularly at a time when trust in public services is so critical.  Read Less
October 13, 2020
Francis Gaffney
Director of Threat Intelligence
Mimecast
The ongoing and increasing number of attacks on public sector organisations continues to give cybersecurity professionals, at all levels, a cause for concern. Although an attack on private sector organisations can have significant consequences, there are few sectors that have the potential to impact as many lives, in as many ways, as the public sector. The public sector is an attractive target to threat actors, as the size and scope of many public sector organisations means they are often.....Read More
The ongoing and increasing number of attacks on public sector organisations continues to give cybersecurity professionals, at all levels, a cause for concern. Although an attack on private sector organisations can have significant consequences, there are few sectors that have the potential to impact as many lives, in as many ways, as the public sector. The public sector is an attractive target to threat actors, as the size and scope of many public sector organisations means they are often responsible for securing particularly sensitive personal data for millions of people. Public sector organisations may not operate in a competitive environment, where reputation can make or break their profitability, but they often rely on the trust of the public to function properly and achieve their full potential. This attack on a local authority, particularly during a pandemic when many citizens are turning to their local authority for help and guidance, highlights just how wide the socio-economic blast radius of a cyber-attack on a public sector entity can be. Public sector organisations have a direct responsibility for the running of the town, region, or country. As such, they need to implement a stringent security solution that limit the risk of a cybersecurity attack but one that also provides assurance to its users that their data is secure.  Read Less
October 13, 2020
Stuart Reed
UK Director
Orange Cyberdefense
At a time when local councils are spending much of their time focused on issues relating to COVID-19, the last thing that they need is the stress that a cyber attack brings. Unfortunately cyber criminals will often prey on organisations that they know are under pressure, and while details of this particular incident have yet to be revealed, since the outbreak of the pandemic we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their.....Read More
At a time when local councils are spending much of their time focused on issues relating to COVID-19, the last thing that they need is the stress that a cyber attack brings. Unfortunately cyber criminals will often prey on organisations that they know are under pressure, and while details of this particular incident have yet to be revealed, since the outbreak of the pandemic we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems. The fact that so many employees have been working from home has increased the risk of social engineering - an increased dependence on ‘virtual’ communications like email, video conferencing and calls, renders users more vulnerable to social engineering attacks. Technical countermeasures against phishing attempts and detecting malicious activities today are much more robust than they have been in the past. The human, on the other hand, is more complex and hard to predict in certain scenarios while easy to manipulate in others. Security awareness educates employees about manipulative techniques that might be used against them and also highlights the benefits of adapting their information security behaviour. That’s why a blended approach of people, process and technology is essential for a mature approach to cyber security, and building resilience towards social engineering attacks provides a significant line of defense.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.