Greater Manchester Police cyberattack; expert analysis
September 2023 by Raj Samani, SVP and Chief Scientist at Rapid7
With the recent news of Greater Manchester Police suffering a ransomware attack, please find commentary below from Raj Samani, SVP and Chief Scientist at Rapid7.
“The ransomware attack on Greater Manchester Police is another kick in the teeth for public services. An organisation is only as secure as its weakest third-party network, and security protocols are only effective if all of their third-party providers are equally secure.
Cybercriminals are aware of this and will attempt to breach the weakest link in the chain to gain access to systems and steal highly sensitive data. The exposure of sensitive information such as the identities of undercover officers can jeopardise criminal cases, and at worse, endanger officers’ lives. Therefore, it is even more important that supply chains are secured.
It’s crucial for public services to implement basic security hygiene standards as this will considerably reduce risk. As a top priority, organisations must implement and enforce Multi-Factor Authentication (MFA) wherever possible – in the first half of 2023, around 40% of security incidents were due to weak MFA. Additionally, network perimeter devices are primary targets for attackers; therefore, critical vulnerabilities in these technologies need to be remediated immediately.”