Eric Holdeman | govtech.com
One example from England, and what you can do.
The story below shows one instance in which specifically “the police” refused to pay. More importantly, see the recommendations from cybersecurity experts that follow.
Providing for a secure operating environment keeps getting harder!
“The Daily Mail reported Sunday that Russian hackers leaked confidential UK police data on the ‘dark web’ after their ransom was rejected. The ransomware group “Clop” is reported to have stolen the data from the IT firm Dacoll, a company that handles access to the Police National Computer (PNC), after they refused to pay the demanded ransom. The amount of ransom has not been shared. One of Dacoll’s subsidiaries, NDI Technologies, provides officers remote access to 90 per cent of the UK’s police forces.”
Baber Amin, COO, Veridium:
“As more distributed compute and storage services become the norm, it is more important than ever to look at the complete chain of suppliers and their internal security practices and processes. In this case both the IT firm and UK police should implement matching access control. Preventing successful phishing attacks, as usual, requires a layered approach to security and access.
- Eliminate all unauthenticated access by requiring every connection to be authenticated
- Eliminate all single-factor authentication by enabling multiple factors
- Depending on the information being accessed, assign different authentication factors based on their trust level.
- Create a multi-channel authentication strategy such that a single compromised channel does not compromise the system
- Do not allow full access across all systems even if the user is authenticated via some sort of MFA. Compartmentalize all access
- Implement tools that look for unusual activity, e.g. probing, multiple failures, large data ingestion or large data extraction
- Implement tools that evaluate endpoint trust and can identify bots and automated processes
- Implement behavioral biometrics to distinguish normal users from bots and bad actors”
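As an added illustration of the layered controls in the list above (example code written for this page, not from the article or from Veridium), a small Python policy check plus an anomaly scan over access-log entries; the resource names, trust levels, user grants, thresholds and log lines are all constructed:

```python
"""Toy access policy and anomaly scan modelled on the layered controls above.
Added example: resources, factor trust levels, grants, thresholds and the log
lines are constructed placeholders, not real systems or data."""
from collections import Counter, defaultdict

# Trust level required to reach each data set, and the trust each factor gives.
RESOURCE_TRUST = {"public_notices": 1, "case_index": 2, "pnc_records": 3}
FACTOR_TRUST = {"password": 1, "otp": 2, "hardware_key": 3}

# Compartmentalised grants: an MFA login alone never unlocks every system.
GRANTS = {"alice": {"case_index", "pnc_records"}, "bob": {"public_notices"}}

def authorize(user, factors, resource):
    """Allow only authenticated, multi-factor, trust-matched, granted access."""
    if not user or not factors:
        return False, "unauthenticated"
    if len(factors) < 2:
        return False, "single factor"
    if resource not in RESOURCE_TRUST:
        return False, "unknown resource"
    if max(FACTOR_TRUST.get(f, 0) for f in factors) < RESOURCE_TRUST[resource]:
        return False, "factor trust too low for resource"
    if resource not in GRANTS.get(user, set()):
        return False, "no grant for this compartment"
    return True, "ok"

# Constructed access log: (user, outcome, bytes transferred)
LOG = [
    ("alice", "ok", 12_000), ("bob", "fail", 0), ("bob", "fail", 0),
    ("bob", "fail", 0), ("bob", "fail", 0), ("bob", "fail", 0), ("bob", "fail", 0),
    ("alice", "ok", 900_000_000), ("carol", "ok", 4_000),
]

def unusual_activity(log, max_failures=5, max_bytes=500_000_000):
    """Flag users with repeated failures (probing) or very large extraction."""
    failures, volume = Counter(), defaultdict(int)
    for user, outcome, nbytes in log:
        if outcome == "fail":
            failures[user] += 1
        else:
            volume[user] += nbytes
    alerts = {}
    for user, n in failures.items():
        if n >= max_failures:
            alerts[user] = f"{n} failed attempts"
    for user, v in volume.items():
        if v > max_bytes:
            alerts[user] = f"{v} bytes extracted"
    return alerts
```

The thresholds are deliberately coarse; in practice they would be tuned per user role and resource rather than set globally.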
Experts with Gurucul, Shared Assessments and YouAttest offer perspective:
Ron Bradley, VP, Shared Assessments:
“The recent revelation regarding UK Police records being compromised by Russian hackers is a classic example of the absolute imperative for not just trusting, but verifying that 3rd, 4th, and Nth parties are properly vetted and assessed. During the assessment process, it’s an excellent opportunity to ensure the tenets of “least privilege and a need-to-know” are followed. Lastly, when vast amounts of confidential records are accessible, data owners must be fully aware and prepared for the eventual impact of a data breach, with all measures being taken to prevent the breach from occurring in the first place.”
Garret Grajek, CEO, YouAttest:
“Events like Russian hackers stealing police information, coupled with the counter-hacking going on by western governments and companies (Microsoft took control of Chinese hacker sites 2 weeks ago), are telltale signs that there is a full-scale cyberwar going on. The gloves are off on both sides – the stakes are too high.
“The real question is: what do enterprises do with all the mayhem occurring? The key is to focus on solid security practices. The NIST guidelines on zero trust (SP 800-27) and cloud security (SP 800-210) are a good place to start. Identity is key to all of these directives and countermeasures. This begins with an enterprise knowing what identities are given authorization to which resources, and is imperative to cyber security.”
The above was shared by Jeff Steuart.
External Link: What Happens When You Don’t Pay the Ransom?