Redcar and Cleveland Borough Council recently decided not to discuss the impact of last month's ransomware attack on its IT systems in the presence of the press and public, fearing that the disclosure could leak sensitive information.
The BBC reported Friday that the Redcar and Cleveland Borough Council unanimously decided not to disclose the impact of the ransomware attack at the moment with Steve Newton, the assistant director of Governance at the Council stating that the criminal investigation is still underway.
The ransomware attack, which took place on February 8 and rendered the Council's services offline, is presently being investigated by officials from the National Crime Agency and the National Cyber Security Centre.
On February 10, the Council said on Twitter that they were facing an issue with their IT system and that they were able to receive and answer limited calls and emails. The Council refused to disclose a timeline on when the issue will be resolved. According to BBC, more than 135,000 Council residents were not able to access online public services as a result of the ransomware attack.
Redcar and Cleveland Council's IT systems yet to be restored
"Our teams are working hard to bring our services back online. We would like to apologise for any inconvenience this may cause and thank you for your patience whilst we get this sorted out," reads the last update from the Council which was released on February 27.
"We can confirm that there will be no delay in allocating secondary school places following the ransomware cyber-attack which targeted the council’s IT servers on Saturday, February 8. The Council previously warned parents that there may be a short delay to the allocation, but IT and education staff have worked around the clock to run the allocation process as normal and parents and carers will now receive their allocations on time," the Council wrote on Twitter the following day.
“Our staff have gone above and beyond to be able to allocate the places by the National Offer Day on March 2 and we are delighted to announce that the offer letters will be issued on time. I would like to reassure parents and carers that the process this year has been robust and the allocation they receive hasn’t been affected by the cyber-attack," said Councillor Mary Lanigan, Leader of Redcar & Cleveland Borough Council.
"We are continuing to make significant progress in returning to full functionality and is doing all it can to minimise any disruption or delays to the public," Lanigan added. According to Redcar and Cleveland Council, the ransomware attack did not result in any kind of data loss.
Organisations must prepare for cyber attacks at all times
After news about the ransomware attack on the Council's IT systems went public, Matt Rahman, COO for IOActive, told TEISS that adopting a 'cybersecurity by design' framework or process – with networks, systems, applications and technologies designed and built with security in mind – allows organisations to take a proactive approach and should occur at every layer of the organisation that interacts with technology.
"This way, you have a clear understanding of what you’re connecting, who is using it and where it’s appearing within the organisation and how do you monitor it for security events. Essentially, you’re looking holistically at your entire technology ecosystem.
"As you have the right processes in place, organisations can respond quickly and effectively to potential breaches or vulnerabilities as and when they occur – and importantly, remediate any incidents that do occur quickly," he added.
Carl Wearn, Head of E-Crime at Mimecast, said that those responsible for leading any organisation’s cyber security must take sensible precautions such as non-networked backups, email and archiving fall-backs. This current threat should be a stark reminder that “it will always happens to someone else, not us ” attitude can no longer reside.