UK Parliament attack on email accounts

This appears to have been managed and eventually closed down.

http://www.computerweekly.com/news/450421403/Business-as-usual-at-Parliament-after-cyber-attack?utm_medium=EM&asrc=EM_EDA_79109293&utm_campaign=20170626_Business%20as%20usual%20at%20Parliament%20after%20cyber%20attack&utm_source=EDA

It does raise the question though that if 90 or so accounts were compromised, were the controls in place working at the appropriately high level 5 maturity?  This is the true test of effective cyber security.  It is not a “tick box” activity of saying we have guidance in place, or that we are well aware when such an attack is happening, but much more about ensuring the controls are sufficiently agile to address the attacks that will happen (increasingly frequently) in an appropriately short time-frame. In maturity terms (service management terminology) continually optimising the controls is the only real defence against cyber attacks.

Agile security controls are the key and ultimately they may lend themselves eventually to become almost/completely automatic in their operation.  In the meantime, effective means both human and computer operations working harmoniously, and in complete cooperation, in a timely manner to address whatever is thrown at them.  It would seem in this instance, from press reports, that there is a need to improve the way passwords are created and used and to consider 2 factor authentication, at least for the remote accessing of the accounts.  Undertaking a maturity assessment of the effectiveness of the most significant and important controls is a way to check on this.

See: https://apmg-cyber.com/products/cdcat

Post Tags
About Author: Andy Taylor

1 comment(s) on “UK Parliament attack on email accounts

Leave a Reply

Your email address will not be published. Required fields are marked *