Resilient digital environments
Installation of software updates/upgrades
Replacement and removal of hardware
Adding redundancy into systems
Decommission and remove legacy hardware and software
Device hardening:
Removing unneeded applications, ports, permissions and access
Limiting user account functions
Maintaining effective back-up systems:
On-premises
Off-site/remote
Cloud
Appropriate and reviewed standard operating procedures (SOPs)
Structured staff training:
New hardware/software
Staff inductions
New and updated policies and procedures
A summary of the methods used to implement digital resilience
Risk analysis of digital systems resilience
Planning for disruption scenarios
Planning disaster recovery and conducting recovery exercise
Documenting lessons learnt and incorporating resilience in the continuous improvement part of the lifecycle (ITIL)
A summary of the benefits to the organisations of being digitally resilient
Increased security:
Secure transfer of data
Secure storage of data
Reduced system vulnerabilities
Reduced probability of targeted cyber attacks
Increased reputation and profile:
Customer confidence
Protects brand image
Case study of Copeland Borough Council
Content for the presentation:
Lessons learned from the Copeland Borough Council disaster
An action plan to implement digital resilience that would have prevented this disaster
The impact of the disaster on the organisation and its clients
Some of the lessons learned
Be prepared
Make sure that the investment into cyber security is worth it, appropriate, and sufficient
Make sure you have some plans in the event of a total IT loss scenario
Don’t always assume that your IT infrastructure is safe, and make sure to get it tested
Data and system security is the responsibility of everyone
Everyone needs to make sure that they are storing sensitive data securely and making sure that it is not at any risk of being breached.
Educate staff on making sure that they don’t install applications that might harm the device or the network.
Make sure that people take the time to make backups of their files properly and safely, and to keep multiple copies (for example, in the cloud, in off-site storage, and in additional storage on site).
Oversight and verification of IT in the enterprise
IT informs business decisions; it does not make them. Business staff should not produce the IT input and advice themselves; they should leave that to the professionals.
Do not underestimate how long the recovery will take or the lasting impact on everyone who was involved.
Advice
Take cyber-attacks seriously and make sure to be prepared
Well maintained firewalls and supporting network devices
Ensure all points of ingress and egress are covered
Make sure to test for vulnerable points in the business and make sure to address them ASAP when they get identified
Make sure you know what is happening in the network and who has access to it throughout the day.
Follow advice from the national cyber security program centre
Know the organisations that one can contact if they get into this sort of situation.
Make secure backups, and multiple ones, to make sure that you are not vulnerable to a single point of failure.
Impact
All computers switched off, unable to print, unable to access anything
No finance
2 weeks until pay day
1 week to pay for diesel for waste collection services
Local by-election called
No access to electoral register, or election systems
Land searches backing up and housing market grinding to a halt
Families forced to stay in hotels
SLT
Business as usual couldn’t happen
Impossible to understand what had happened, or, if and when we will switch on
How the council dealt with it
Reverted all their operations to pen and paper and the ability to pay the staff was affected
Where possible, staff were dispersed to work in non-council and, where feasible, neighbouring local authorities, if that enabled them to have access to relevant IT systems external to the council
Over 2 years after the initial event, Copeland remains in recovery mode with some of the IT systems still in the process of undergoing remediation. Some data has been subject to total loss.
Ignoring the cost of the loss of productivity, the cyber-attack cost the council £2.5 million
Our customer service IT systems recorded an average of 25,000 processed service requests per annum prior to the cyber attack
The cyber-attack – problems faced
The IT systems were fully up to date and did have an active anti-virus in place, but they were hit with a new ‘zero day’ ransomware virus, which meant that the anti-virus they had didn’t detect it.
The attack happened on the August bank holiday in 2017, meaning that it took until Monday to discover that the attack had happened, which meant that it took until the Tuesday for anyone to realise that it happened.
Before any sort of containment actions took place, nearly all IT systems and network services were gone and nearly all their endpoint devices, such as desktops and laptops, were lost.
All connections to partners that were associated with the council had to be cut off to stop the spread of the virus.
The council were effectively in the situation of having no technology
“The IT team will sort it!”
The council assumed that the IT team could sort it quickly, but this wasn't realistic
The council had a very small IT department, so the scale of the attack was too big and overwhelmed them. This resulted in them bringing in extra IT staff to help with the problem.
The IT manager thought that the problem was so big and damaging that it might not ever be fixed.
The network had been compromised, and it took days to regain pockets of the network. It was also at this point that the system backups were compromised, meaning that there was no easy way for them to restore the IT systems to how they were before the attack.
The IT infrastructure had to be rebuilt from the ground up, which meant that they had to go for a long period of time with no IT systems at all.