Former Royal Mail and Manchester University CISOs Talk Ransomware Response
Timely notification of ransomware incidents to British law enforcement agencies played a crucial role in understanding the threats and in developing mitigation strategies, the former security heads of Royal Mail and the University of Manchester said.
The LockBit ransomware group in January 2023 targeted Royal Mail, disrupting international shipping for several weeks. Hackers in June 2023 stole 7 terabytes of data from the University of Manchester, including confidential personal information of students and staff.
Speaking at Information Security Media Group’s London Summit on Tuesday, Jon Staniforth, CISO of Royal Mail, and Heather Lowrie, former University of Manchester CISO, said government cyber agencies helped them handle their cyber incidents.
Staniforth said Royal Mail reported the incident to the National Cyber Security Center and National Crime Agency within hours of detecting the breach. “The agencies shared a lot of information with us, and then at certain points, some of their own staff came in and worked alongside after,” he said.
Based on a recommendation from the agencies, Royal Mail negotiated with the threat actors for nearly three weeks, which he said helped the organization to “buy time so we could understand what was going on.”
Lowrie said the external help was a “moral boost” for her organization. “When you’re working through an incident, to have those external partnerships and support as we discuss reporting to NCSC and NCA and others is really valuable.”
A survey published by the Department of Science, Innovation and Technology in April found widespread reluctance to report incidents, often due to fear of fines or reputational damage (see: Half of UK Firms, Charities Failed to Report Cyber Incidents).