The Bean Counters Accountants and Tax Advisors

Lessons for businesses from a cyber attack on the London Borough of Hackney

The London Borough of Hackney (LBoH) has been reprimanded by the Information Commissioner’s Office (ICO) following a cyber attack in October 2020.

The breach, which saw hackers access and encrypt 440,000 files, disrupted services for months and exposed sensitive data. LBoH acknowledged that the attack “posed a meaningful risk of harm” to 230 data subjects.

LBoH has taken remedial steps since the attack and, because of these positive actions, the ICO decided to issue a reprimand rather than impose a fine. However, there are several lessons businesses can learn from this breach that will help to protect their own digital assets and customer information. Here are five:

  1. Vigilance Against Dormant Accounts: One major vulnerability exploited during the attack was a dormant account with an insecure password. Therefore, regularly auditing user accounts and ensuring that any inactive accounts are disabled or removed promptly is key. Of course, weak or default passwords should be avoided at all costs.

  2. Timely Security Patches: The investigation revealed that LBoH failed to maintain an active security patch management system across all devices. Regularly updating software and systems to patch vulnerabilities is essential in preventing cyber attacks. You therefore need to implement automated patch management tools to make sure that none of your systems are left outdated.

  3. Robust Backup Systems: Hackney’s attackers managed to delete 10% of the council’s backups before they were stopped. This underlines the need for an effective backup strategy that includes multiple backup copies stored in different locations. Your backup restoration process should also be tested regularly to make sure it works. This ensures that, in the event of an attack, data can be restored quickly and completely.

  4. Response and Remediation Plans: Following the attack, LBoH engaged with national authorities like the NCSC, the NCA, and the Metropolitan Police, and took swift action to inform residents and mitigate harm. A detailed incident response plan can help you to respond in an organised and prompt way if you experience a data breach. The plan needs to include notifying the affected parties and engaging with cybersecurity experts to manage the aftermath of an attack.

  5. Continuous Improvement and Training: Since the attack, Hackney has adopted a 'zero trust' model and improved its processes. Likewise, you can continuously evaluate and upgrade your security measures.

Employee training on recognizing phishing attempts and other common threats is also straightforward to implement and can be a crucial part of your defence. Stephen Bonner, Deputy Commissioner at the ICO, emphasized the importance of avoiding simple security mistakes, noting that breaches often result from basic oversights. Training can really reduce the risk of these happening.

Taking these lessons to heart can help you to ensure your cybersecurity strategies are robust, comprehensive, and regularly updated. By doing so, you will better protect your data, maintain customer trust, and avoid the costly repercussions of a cyber attack.

See: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/07/london-borough-of-hackney-reprimanded-following-cyber-attack/