Cyber attacks and airline DR fiasco create rude wake up call signalling the end of Summer 2016


Two cyber attacks and a Disaster Recovery nightmare for a major international airline have caught our eye in recent weeks, reflecting the urgent need for business to pay attention to the smaller details as well as what lies in front of you.

Firstly, the matter of the Delta airlines DR fiasco in early August 2016.  What started as a small fire and power outage created a painful chain reaction, leading to 2,000 flight cancellations, millions of dollars of lost income and significant reputational damage.  At the technical heart of the story, 300 of the airline’s 7,000 servers were not connected to the backup power system. Remarkably, despite spending “hundreds of millions of dollars in technology infrastructure upgrades and systems, including backup systems”, Delta CEO Ed Bastian advised they were not aware of the vulnerability.  Huge comfort for Delta customers.  From a backup point of view, this omission is a basic error which belies lack of preparedness by Delta for business continuity and disaster recovery planning and testing.  Gartner’s data centre recovery and continuity analyst Mark Jaggers commented:  “A lot of people do disaster recovery testing around moving a workload between different sites, but once they have done that, do they go back and look for defects in the design of the systems that are there? I don’t know that many companies are doing that sort of testing after the fact or as part of a disaster recovery test”.  Added to this, the complexity of IT environments creates intricate interdependencies and it only takes one fault or human error to trip up.

Secondly, mid August produced the news that FTSE 100 accounting software firm Sage had suffered a data breach following unauthorised access of a login. Whilst unknown as to whether the source was internal and external, the result caused exposure of personal details and bank accounts relating to around 300 UK companies. The cost:  Sage’s share price tumbled in the early days by 4.3%.  The remedy – due diligence around access privileges to logins if an internal attack, or more complex credentials across different sites and systems used if a ‘reluctant insider (ie. a user whose individual user username and password(s) have been breached unwittingly).

Finally, the end of August 2016 drove a chill through the spine of the cloud storage market with news of the true extent of a breach by hackers believed to have originated in 2012, where account details of over 60 million Dropbox users was reported.  Dropbox’s remedy of forced password resets has now completed.  However, whilst the data dump did not appear to be listed in the main dark web marketplace where the data would be traded, reports are being made that the data is already in the possession of 3rd parties.  The remedy secure complex passwords which are changed regularly.

Assurance derives from MSPs with connected thinking on data security services.  Amicus ITS MD, Steve Jackson commented: “Organisations should review their mission critical business areas and processes to ensure they have up to date and tested security policies, procedures, staff education and strategy.  Annexing cyber security services like FoxcatcherTM and Amicus ViperTM with our Data Backup & Replication service and an analytics driven approach, creates Cyber DRaaS. This will be the future direction for companies to consider and a service which we are currently developing”.  Failure to take such positive steps mean that companies which might have sought to rely on remediation and recovery alone, will realise that the fallout from capital value from loss of brand confidence, trust, plus financial penalty is just too heavy a burden.

Law firms face increasing cyber attacks in 2016

law society of ireland

The start to Summer 2016 has seen a sizeable increase in recorded attacks on legal firms in Ireland, as reported by RTE news on 5th June 2016.  Over a dozen firms have recently suffered ransomware attacks.

Why is the legal sector a prime target?
The legal sector is a prime target for cyber criminals on one side due to the sensitivity and volume of private client data held on their computer systems and secondly, because of the large sums of money held by solicitors in their client accounts on a daily basis.

What are common ways for ransomware attacks to take place?
Computer systems can be compromised by ransomware attacks either through email or a web browser.   A user might open what to them looked like an innocuous email, which once opened immediately encrypts files across their entire network.  The message (which can be remarkably polite), then warns that immediate payment is required by a given deadline, or the files will be destroyed.  Victims will often see a timer ratchet as well, whereby any delays to settlement increase the sum demanded.  The warning is stark and often along the lines of:  “Any attempt to damage or remove this software will lead to the immediate destruction of the private key to your server.”

What kind of sums are involved in ransomware attacks?
Sums can range from a few hundred to many thousands of £pounds.  In this particular spate of attacks, the Irish legal firms had had ransom demands of between 5,000 – 30,000 Euros from the criminals to unlock their computers.

One solicitor wishing to stay anonymous commented: “The accounts system was in jeopardy, which we would be accountable for a closing balance of E4-5m every day to clients.  Trying to identify 2,500 clients whose money was actually in the account to the very cent was never going to be achievable going forwards”.

The general advice is for all organisations would be:

•      To regularly review your data security policies and procedures (and ensure they are up to date and fit for purpose reflecting the current threat landscape).
•      To regularly back up your data to mitigate any losses
•      To act expediently and deal with the issue
•      To deploy up to date antivirus software
•      Have effective web filtering
•      To utilise up to date firewalls
•      To educate staff to heighten everyone’s awareness about cyber security – what different attacks look like – and importantly what their process and actions should be should they receive something they believe to be a cyber threat.

This news comes on the heels of the annual risk management survey by Legal Business and Marsh which found that “IT security breach / data management accident or breach” was the highest risk to law firms in terms of damage it could cause and the likelihood of it occurring.

For regulated industries especially, the demand for effective and contemporary security systems and knowledgeable management teams will serve as a significant reassurance to their customers.  Amicus ITS provides specific Security as a Services offerings to protect against cyber attack. These include ‘Foxcatcher’ and ‘Amicus Viper’.  Anyone wishing to discuss any cyber security issues in confidence can ring the security team on 02380 429429.