The Stuff of Nightmares

Whilst the recent cyber attacks at Marks and Spencer, the Co Op and Harrods have filled the news, spare a thought for organisations that suffer an attack yet don’t make the same headlines. In some of those organisations the impacts are arguably more drastic than with a retailer.

In 2020 Redcar and Cleveland Council in the UK were hit by a cyber attack that locked down its systems. They lost the ability to share information with police and the NHS, meaning social services and elderly care services were unavailable. The effect on very vulnerable people was immense. The disruption lasted ten months, with many applications having to be recreated manually. A recent BBC investigation has described the chaos caused by the attack.

Were the council adequately prepared? Well, external auditors found that the council had had proper arrangements and controls in place to reduce the likelihood of a cyber-security breach at the time. Despite being prepared, cyber attackers still managed to break into systems and cause severe disruption, affecting real people, real lives.

A year later, in February 2023, a group of Russian hackers were sanctioned by UK and US government over a string of attacks on businesses, schools and councils, including Redcar and Cleveland.

But what if the attack had been on more than one council? The former head of the National Cyber Safety Centre (NCSC), Ciaran Martin, said his "biggest cyber-security worry" was the threat of simultaneous attacks on public services, like councils and hospitals, which had the potential to "wreck lives”. 

 Let’s hope Mr Martin’s fears do not come true.