Responding to the threat of ransomware

By Dr Andrew Larner | 20 November 2020

Earlier this week, Dan Peters reported (The MJ 17 November 2020) that council chief executives have been warned by the Cabinet Office and National Cyber Security Council (NCSC) that there is an ‘urgent need’ to take steps to mitigate the threat of a ransomware attack on the sector.

Ransomware is growing as a tactic amongst cyber criminals and, equally concerning, the use of ransomware as a service is now commonplace.

Criminals are creating attacks specific to individual councils and local government; recent headlines about successful attacks on Redcar & Cleveland and Hackney councils exemplify the devastation ransomware causes to local services, not to mention the eye-watering costs of attempted recovery. The NCSC states: ‘Criminals highly likely view them as a lucrative target for extortion…’

Which means it’s not a question of whether you’ll be attacked, but when.

In 2019 iESE completed a research project on digital and technology. Two things were clear: current protection technology for the edge of our infrastructure is on its last gasp, and none of our current edge protection works when our infrastructure incorporates connected operational technology.

iESE is constantly seeking ways to support local government and, following our digital research, we looked for new technologies to fill the enormous, exploitable gaps left by traditional cyber protection offerings. We found one, AppGuard. It works in an entirely new way. It’s trusted by the military and major financial institutions. We have been trialling it in UK council environments for six months and it is the only technology to protect your systems from attacks never seen before (a zero-day defence).

It was originally developed for US Defense organisations to secure field operatives returning from hostile environments. The technology operates differently to antivirus and detect-and-respond systems by blocking malicious processes from detonating, which means that, even if one of your workers inadvertently opened a document containing hidden malicious code, it would not activate and could do no harm, leaving workers unaffected and able to continue their vital roles.

Local authorities typically call on the services of NCSC and their partners to help consolidate and rebuild affected systems during cyber emergencies; AppGuard could be deployed to assist this process by dramatically reducing the time and cost of rebuilding systems.

Key difficulties that forensics teams face include identifying which applications and files are infected, understanding how the malicious code is activated on systems and files, and recognising whether it is persistent. They also need to feel secure that re-infection will not occur during rebuild and that backup files are safe to restore.

AppGuard will block all malicious processes and subprocesses even if they have not been previously identified during the emergency. It does not require previous detection or identification of malicious activities to work, nor does it require connection to the internet. It will provide forensic data on all suspicious and malicious activity during the rebuild, without impacting the rebuild itself, providing total visibility and control to your incident response teams.

We will be running a live cyber defence demonstration. To register your interest please click here.

Dr Andrew Larner is chief executive of iESE
