Local authorities across the UK are being targeted by sophisticated cyber attacks aimed at disrupting their computer systems. News emerged recently that Gloucester City Council has been the victim of an attack for the second time in a decade, with the latest attack disabling online revenue and benefits, planning, and customer services for a month. The council has also said that it could take months more in order to restore service as the affected servers need to be rebuilt. These attacks are usually ransomware, which demand a financial payment in order to restore access to encrypted files.
When an organisation is successfully infiltrated in this manner multiple times, the question becomes whether they have learned their lessons from the previous attack. While cyber-attacks are becoming more sophisticated, it is almost always basic security mistakes that hackers take advantage of in order to gain access.
How did it happen?
In the case of Gloucester City Council, the malware was delivered via an email phishing attack sent to an employee, which is the most common method used by cybercriminals to bypass the outer perimeter defences of an organisation. It’s no secret that delivering the attack via email is still the most common method used by cybercriminals to deliver their ransomware payload. It should therefore be where organisations focus their defences, yet still, the attacks are successful.
What can you do to prevent attacks?
It is ultimately your employees that are opening the phishing attacks, and they need the training to allow them to differentiate quickly between what is real and what is a cyber attack. Too many organisations rely on e-learning modules delivered once a year, which is soon forgotten and staff do not feel engaged. It is imperative to support these modules with entertaining and engaging live training. At Falanx Cyber we do this by telling stories of attacks we’ve planned and executed in order to show how simple it can be and to help staff understand the cybercriminal’s motivations and skills.
But we have antivirus so we are protected?
We also must ask the question of why antivirus software has not stopped the attack. Unfortunately, antivirus alone is no longer considered sufficient. Even the cybercriminals themselves have been quoted as saying that companies need an extra layer of protection known as Managed Endpoint Detection and Response (M-EDR), which you can think of as a more advanced version of anti-virus that works alongside your existing anti-virus solution and protects you against these more sophisticated threats.
How Falanx Cyber can help
At Falanx we believe the Managed part is key – we have a 24/7 Security Operations Centre that is collecting information from your laptops and other devices in real-time, allowing our analysts to block anything that may cause damage to data on the device, such as ransomware. We combine bleeding-edge technology with our highly skilled analysts to provide that enhanced level of protection.
Alongside our M-EDR offering, we have our flagship Triarii MDR service that extends your protection across your entire network and cloud. Combine M-EDR or MDR with robust offsite backups of your data and you’ll have excellent protection against ransomware attacks.
Contact us now for more information.