phone_bluetooth_speakerUNDER ATTACK? S.O.S. LINE 800.929.5416

Top Categories

Spotlight

DOH wants contact tracing intensified amid increase in COVID-19 cases

todayMarch 9, 2021

COVID-19 Thomas Schildgen

DOH wants contact tracing intensified amid increase in COVID-19 cases

DOH wants contact tracing intensified amid increase in COVID-19 cases Health Secretary Francisco Duque III said there is a need to intensify contact tracing activities amid the increasing number of coronavirus disease 2019 (COVID-19) cases especially in the National Capital Region. (JANSEN ROMERO / MANILA BULLETIN)“Contact tracing should be intensified, [...]


Hackney Council tenders for cyber security upgrade

Cyber security Sharie Paris todayJanuary 23, 2021

Background
share close

Bacho Foto – stock.adobe.com

Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council

Alex Scroxton

By

  • Alex Scroxton,
    Security Editor

Published: 21 Jan 2021 17:15

London’s Hackney Council is tendering for new security assurance capabilities and will evaluate a number of suppliers to take on the task, following a ransomware attack on its systems last year that, months later, has left many of its key services disrupted.

In a request for proposal (RFP) posted to the government’s Digital Marketplace, the council said it intended to establish and manage its risks across all its ICT environments to minimise the risk of a future cyber attack on its systems.

“Hackney Council is reviewing the way we deliver security assurance, following a cyber attack in October 2020 and implementing changes to where required,” the council wrote.

“This work will include a review of some of our technological tools as well our governance arrangements and processes. This work will be underpinned by a concurrent piece of work focused upon the security culture within the team.”

The project will deliver two key strands of work: a review and strengthening of policies, processes and procedures; and an analysis and implementation of new security, behaviour and skills capabilities.

The council said it had already identified a number of skills gaps and capacity shortages of its own accord that could hinder the rapid delivery of the project: user research to establish current behaviours and cultures impacting cyber security; analysis of business, procedure and policy to distil that information and turn it into actionable practice; and senior security practice to assist in the design of new processes, and delivery of training and best practice to council staff.

The budget for the project is between £200,000 and £250,000, excluding VAT, and the programme is set to run for approximately six months, with the selected team working alongside the council’s staffers “in an agile project style”, probably remotely due to the pandemic. The closing date for applications is set for 2 February 2021.

The attack on Hackney’s systems, which first unfolded in October 2020, was described by Hackney mayor Philip Glanville as “morally repugnant” and “utterly deplorable”.

It has affected thousands of Londoners, and caused ripple effects that go far beyond the availability of IT systems – for example, property purchases in the borough have ground to a halt.

Although the council was at first reluctant to disclose the precise nature of the attack, it was forced to confirm it was ransomware after the Pysa/Mespinoza gang leaked some of the stolen data online earlier in January in an attempt to conduct a double extortion attack.

The fact the data was leaked at all is a strong indicator that the council has not paid the gang – which are described by Emsisoft’s Brett Callow as “horribly amateurish” – any ransom money and is wisely refusing to do so.

Content Continues Below


Read more on Data breach incident management and recovery

  • Sepa data leaks as agency resists ransom demands

    By: Alex Scroxton

  • Old, on-premise systems targeted in Hackney ransomware attack

    By: Alex Scroxton

  • Hackney Council data leaked by Pysa ransomware gang

    By: Alex Scroxton

  • Ransomware ‘businesses’: Does acting legitimate pay off?

    By: Alexander Culafi

Written by: Sharie Paris

Rate it
Previous post

LOGO



Products


Company


Contacts

Support