Not a Fair Cop
The Surrey headquarters of the Police Federation of England and Wales has been hit by a crypto-malware attack, severing multiple systems at the premises.
The alarm was raised at 19:00 on March 9th by the stations’ own security systems, and it wasn’t long after that officers confirmed an infection across multiple others. This crippled emails, locked files and - perhaps worst of all - deleted the office’s backup data. To minimise the spread, the Federation had to take some systems offline.
Imaginably, the Federation haven’t taken this lying down – nor have their friends at the National Cyber Security Centre and the National Crime Agency, who are launching a joint investigation to uncover the apparently fearless perpetrator. BAE Systems, a British defence and security company, are also advising on a response.
At the time of writing, the PFEW and BAE are yet to find any evidence of data theft; but the warning they’ve released is prudent in the wake of GDPR legislations, which necessitate notifying the public of a breach within 72 hours if their personal data is in danger of being compromised.
In an FAQ, uploaded shortly after the infection, the Federation claimed to be “…proceeding with caution on the basis that this is at least a possibility”.
It’s a surprising story, not least with such a high-profile and sensitive institution finding itself compromised, but it does demonstrate a number of good practices in the event of a cyber attack.
The Federation discovered the breach thanks to their front-line security systems, disconnected from infected services, alerted the public and had a contingency plan in place. You can’t fault their diligence.
So where does the fault lie? We may not know until the investigation concludes. Suffice to say that many breaches can be avoided with some simple human precaution – it’ll be interesting to see if this is the work of an elite cyber-criminal, or a crack in the human firewall.
Are you concerned about your company’s vulnerability to a cyber-attack?
Maybe you need to refresh your teams on the basics of Cyber Security?
At Mirus we can check your cyber resilience by way of a Security Health Check and provide Cyber-Security Systems and Training, as well as Data Backup and Recovery.
Find out more: