IT HAS been reported that the Western Isles Council is in the process of requesting more funding to help it tackle last month’s cyber attack. According to reports, Comhairle nan Eilean Siar (Western Isles Council) is still locked out of its systems following the attack, and intends to seek emergency funding from the Scottish Government to help with recovery costs.
“We will seek support from partners such as Scottish Government with this because this is, after all, an emergency event, a resilience event,” highlighted Malcolm Burr, the council’s chief executive.
In response to the news, Brian Boyd, head of technical delivery at i-confidential, has commented:
“It’s been almost a month since this attack was first announced, but based on this latest update, it sounds like the council is still deep in forensics, working to restore data and establish how the attackers initially breached its network.
This highlights just how long a process cyber attack recovery can be. While the assault itself can be executed in seconds, the clean-up can take months, costing hundreds of thousands, or even millions, of pounds. As an example, it took Hackney council over a year to recover from a ransomware attack, which cost over £12 million. Hopefully this is a situation the Western Isles council will avoid.
The council is evidently working with Police Scotland and NCSC to help investigate the attack, but it sounds like more funding will be required to get its systems back into full operation. This isn’t very surprising when an organisation is facing an attack that affects all of its data. While most people view the ransom demand as the biggest potential monetary loss, it’s actually the data loss and downtime that can place the most serious financial burden on an organisation. Downtime can put systems and employees out of service, while data loss can be irrecoverable, which means spending man hours trying to rebuild it.
Organisations should use this attack as a further reminder to improve their defences against ransomware. This means practising good cyber hygiene, where systems are up to date, backups are stored on premise and in the cloud, employees are regularly trained on how to recognise phishing emails, all systems and devices are inventoried and secured, and recovery from different events is documented and practised on a regular basis.
When organisations take these steps, the difficulties in recovering from ransomware are avoided because attackers cannot easily compromise systems and there are no longer worries about data loss or paying demands.
Instead, attacks can be avoided and there is no disruption.”