A local government authority in London was forced to spend over £12m ($11.7m) in a single financial year to help it recover from a devastating ransomware attack, according to a local report.
The October 2020 attack, traced to the Pysa/Mespinoza variant, resulted in sensitive data of local residents and council staff being published on the group’s leak site several months later.
Now, around two years after the attack, the Hackney Citizen has reported that it cost the council millions to recover data, replace affected systems and shift a backlog of work including land searches for property transactions, business rate and council tax payments, and disbursement of COVID support and energy rebate funds.
Also detailed in the report was £444,000 spent on IT consultancy during the past financial year, £152,000 on recovery of the Mosaic systems used for social care and £572,000 on the housing register.
The cyber-attack reportedly forced council staff to rely on pen and paper, downed printers in local libraries and resulted in theft of data for “a high number” of people whose benefits were processed between July and October 2020.
Matt Aldridge, principal solutions consultant at OpenText Security Solutions, argued that public sector bodies need not only to put the right processes and technology in place to mitigate cyber-risk, but also to focus on their own staff.
“To mitigate the risk of future attacks and build cyber-resilience, it is critical to ensure that staff are properly trained to prevent breaches, and that their skills are regularly tested. By participating in security awareness training, staff can learn to report possible security threats, follow pertinent IT policies and adhere to any applicable data privacy and compliance regulations,” he added.
“Taking the opportunity to rehearse different types of breach response and recovery scenarios is also key, particularly for large or complex organizations where critical processes may need to be operated under extremely adverse conditions.”
Chris Vaughan, VP of technical account management EMEA at Tanium, argued that endpoint visibility and control are the bedrock on which effective security should be built.
“A narrative has emerged in some parts of the cybersecurity industry that attacks are becoming so sophisticated that they can’t be stopped, and that therefore IT teams should focus their efforts on reacting to incidents rather than preventing them. However, I would challenge this,” he said.
“Breaches are avoidable because they are often caused by simple things such as a work device not being patched or a staff member clicking on a link in a phishing email. This tells us that more can be done to minimize the chances of attacks being successful and therefore protect public sector funds.”