Lessons for Businesses from a Cyber Attack on the London Borough of Hackney

In October 2020, the London Borough of Hackney (LBoH) experienced a significant cyber attack that led to the encryption of 440,000 files, disrupted services for months, and exposed sensitive data. The Information Commissioner's Office (ICO) recently reprimanded LBoH for the breach, citing their failure to adequately protect data. While LBoH has since taken remedial steps, their experience offers critical lessons for businesses aiming to safeguard their digital assets and customer information.

Here are five key takeaways:

  1. Vigilance Against Dormant Accounts

One major vulnerability exploited during the attack was a dormant account with an insecure password. Regular audits of user accounts are essential, ensuring that any inactive accounts are promptly disabled or removed. Additionally, using strong, unique passwords for all accounts is crucial to prevent unauthorized access.

  2. Timely Security Patches

The investigation revealed that LBoH did not maintain an active security patch management system across all devices. Regularly updating software and systems to patch vulnerabilities is vital in preventing cyber attacks. Implementing automated patch management tools can ensure that no part of your system is left outdated and vulnerable.

  3. Robust Backup Systems

Hackney's attackers managed to delete 10% of the council's backups before being stopped. This highlights the importance of having an effective backup strategy that includes multiple backup copies stored in different locations. Regular testing of your backup restoration process ensures that, in the event of an attack, data can be restored quickly and completely.

  4. Response and Remediation Plans

Following the attack, LBoH engaged with national authorities like the NCSC, the NCA, and the Metropolitan Police, and took swift action to inform residents and mitigate harm. A detailed incident response plan is crucial for any business, outlining steps to notify affected parties and engage with cybersecurity experts to manage the aftermath of an attack.

  5. Continuous Improvement and Training

Since the attack, Hackney has adopted a 'zero trust' model and improved its processes. Similarly, businesses should continuously evaluate and upgrade their security measures. Employee training on recognising phishing attempts and other common threats is a straightforward yet effective way to bolster your defences. Stephen Bonner, Deputy Commissioner at the ICO, emphasised that many breaches result from basic security oversights, which training can help mitigate.

Conclusion

By learning from LBoH's experience and implementing these lessons, businesses can strengthen their cybersecurity strategies, better protect their data, maintain customer trust, and avoid the costly repercussions of a cyber attack. Ensuring robust, comprehensive, and regularly updated security measures is essential in today's digital landscape.

For more information, see the ICO's report on the incident.