London TfL cyber attack: Mitigation approaches and best practices
A teenager has been arrested and bailed on suspicion of causing the cyber-attack that affected Transport for London (TfL) IT systems on September 1, but it’s not yet known if he acted alone or as part of a wider threat.
TfL runs the city’s public transport network, and although the attack did not disrupt travel, it affected internal systems and led to the shutdown of some services. In addition, TfL confirmed that some customer data was compromised, including names, contact details, and potentially bank account data.
Shashi Verma, TfL's Chief Technology Officer, said:
“Our investigations have identified that certain customer data has been accessed… As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take.”[1]
Reports suggest that TfL have also taken mitigating actions including asking staff to work from home and resetting the passwords of some 30,000 employees via in-person appointments to verify identities.[2]
Resilience and business continuity practitioners will not be surprised by the news of another cyber-attack. BCI research[3] indicates this type of crime is becoming more frequent, with 74.5% of organizations reporting an increase in attempted cyber-attacks over the past year. Looking ahead, organizations believe cyber-crime is the top risk in both the short and long term.[4]
To help prevent successful cyber-attacks, business continuity practitioners should work with IT departments to implement a regular training and exercising programme that ensures staff understand that their preventive actions can stop threat actors penetrating the organization. Indeed, BCI research found that awareness and training was the top priority of respondents. Scenario testing, reviewing insurance, seeking the support of top management, working with suppliers to ensure they have cyber resilience in place, and a strong PR strategy, as demonstrated by TfL’s proactive customer support, all form part of a multilayered approach to cyber resilience.
Simon Contini, FBCI & Dell CTOa for Global Cyber Resiliency Services, said:
“Having supported customers since the significant attacks of 2015, I have witnessed firsthand the critical role that regular training, scenario testing, and strong leadership play in building cyber resilience. The recent TfL incident highlights the necessity for organisations to adopt a comprehensive, multi-layered strategy that includes proactive customer support and collaboration with suppliers, especially in our interconnected, post-COVID supply chain world. By aligning with upcoming UK regulations which are similar but aligned to NIS2 and DORA (marking the first time regulations have focused so much on IT/ICT in resiliency and security) organisations can further fortify their defences against ever-evolving cyber threats.”
Practitioners can seek guidance and strategies from upcoming regulations such as the Network and Information Security Directive 2 (NIS2) due in October 2024 and the Digital Operational Resilience Act (DORA) due in January 2025. Although both set digital regulations for the European Union, business continuity practitioners can use them to align their organization to best practices.
In addition, the BCI Cyber Resilience Special Interest Group aims to improve the field of cyber resilience. Practitioners are welcome to join this group, which fosters supportive discussions, information, and networking opportunities for cyber resilience professionals.