A ransomware attack on Lincolnshire County Council last week forced the council to shut down its systems, leaving its employees with nothing but pens and paper.
The ransomware, a piece of malware that encrypts all the data on the affected device and then holds it to ransom for a sum of money (usually a bitcoin), has now been removed after IT staff worked over the weekend.
Julie Hetherington-Smith, the council’s chief information officer, said, “We’ve done a lot of checking and we, and the police, are confident that the data is safe. Nothing has been lost”.
She added that the council would be reviewing its security systems in light of the attack, and ensuring its antivirus software was the latest available.
The fact that the council suffered 103 data breaches between April 2011 and 2014 makes me question what ‘reviewing its security systems’ actually means, which raises two concerns:
- Why must it take an attack to make the council review its security systems – why isn’t this a regular task?
- Also, having the latest antivirus software isn’t going to protect them; there is no antivirus software available that protects against 100% of current threats. It’s not a solution – it’s part of a solution.
The attack on the council took place after a member of staff “opened” a malicious email. Whether “opened” means simply opening the email or downloading an attachment, I’m not sure.
My advice to the council would be to focus on its employees and ensure that they have the required knowledge to prevent these or similar attacks happening again. Also, rather than waiting for a security incident to happen before reviewing its security systems, I suggest that the council implements an information security management system aligned to the international best practice standard, ISO 27001:2013.