Page 46 - the SyI Quarterly 11

Cyber Updates

Thames Tideway cyber-attack exercise

Following an increase in global ransomware attacks and the UK National Cyber Security Centre’s warnings of hostile actors targeting infrastructure providers, Tideway decided to gauge its preparedness for such an event. In November 2019, in collaboration with London Resilience Group, Tideway conducted a crisis-management exercise aimed to test, validate and provide opportunities to develop Tideway’s cyber-security defence capabilities. The ransomware scenario was a hybrid minimal-notice exercise.

Meticulous planning ensured that any associated risks were mitigated to minimise disruption to the business. A Tideway service provider for threat monitoring (ThreatSpike Labs) supported the delivery of this exercise, using its software to target individual employees and generate fake ransomware, thus replicating a real-time cyber-attack. The scenario started with a “spear-phishing” campaign, with targeted emails sent to individuals. This was delivered by procuring a domain name that closely matched the Tideway email address that was used to send health and safety alerts.

Once the email and attachment were opened, ThreatSpike used a pre-agreed employee list to deny staff access to the network by “blue-screening” their laptops. As more members of staff opened the email, confusion and panic set in. Information display screens housed on the fifth and sixth floors of the headquarters building began to display a ransomware message demanding £15 million in Bitcoin in return for releasing Tideway systems.

After the initial spear-phishing element, the ransomware injection provided a focus on the very real threat that organisations face. To improve organisational learning, the ransomware attack was combined with an “insider threat”, a less understood risk closely associated with cyber-crime, where individuals belonging to an organisation can use their knowledge of the organisation’s security and information practices to orchestrate or develop the cyber-attack.

The shock and confusion among staff was clear. The information systems department was soon overwhelmed and just as shocked by the speed of the initial attack. Crisis-management teams were subsequently able to use structured processes to understand the situation, agree priorities and set a strategic direction.

The key learning themes identified were that the business had limited understanding of a ransomware attack and its impact on systems and business continuity. The true impact, financial cost and recovery timescales of such an attack were also misunderstood. The exercise drove discussions on disclosure, how the ransom request should be handled, and which partner agencies to involve. Colleagues from UK Central Government and the Metropolitan Police Service’s Cyber Crime Unit also observed the exercise and were able to provide valuable feedback and advice based on real incidents.

Although organisations can never fully protect themselves against cyber-crime, Tideway’s commitment to enhancing staff awareness, together with the existence of robust and practised procedures, ensures that the organisation is in the best position to respond to cyber-attacks.

The exercise demonstrated that shared understanding and organisational preparedness for such incidents are vital in reducing the recovery time.

- Charles Frank CSyP MSyI

