Hackney Council still hasn’t recovered from its ransomware attack last October, which saw stolen data posted on the dark web by the PYSA ransomware gang.
According to the London Borough of Hackney’s website, key services that continue to be affected include:
- Applications and licenses
- Benefits, council tax and payments
- Children and families services
- Council homes
- Data protection
- Payments
- Planning
- Reporting and ordering
House purchases have fallen through in the area as the council was unable to process land searches, and some of the area’s most vulnerable residents were not paid their housing benefit.
The good news is that Hackney Council is working hard to make things better. And one of the ways in which it is doing that is by looking for some external expertise to evaluate its staff’s understanding of their security responsibilities, and help them adopt effective security practices.
Why the work is being done
Hackney Council is reviewing the way we deliver security assurance, following a Cyber attack in October 2020 and implementing changes to where required. This work will include a review of some of our technological tools as well our governance arrangements and processes. This work will be underpinned by a concurrent piece of work focused upon the security culture within the team.
Problem to be solved
We are delivering two key strands of work:
* Behaviour, Culture & Skills (Analysis, recommendation & implementation)
* Policy, Process & Procedure (Review, recommendation, change/strengthen)We have identified some skills gaps and capacity shortages that would hinder rapid delivery of a high quality set of outcomes.
User Research (to help design, conduct and understand behavioural and culture now)
Business/Procedure/Policy Analysis (to help create and distill user stories, conversations and data and turn into actionable procedures/practice).
Senior Security Practice to act as a second pair of eyes and to help design new processes, deliver training and best practice to our teams.
It’s interesting to see how much emphasis is being given to improving the security culture and user behaviour. Far too often this is an area of computer security which is brushed aside in favour of technological solutions.
The truth is that cybersecurity is fundamentally a human problem, not a technological one. One has to suspect that it was a human behavioural issue which was the primary reason the council was hit by the attack rather than anything else.
The budget for this work is set at £200,000 – £250,000 + VAT, and – understandably under the current circumstances – Hackney Council is quite happy for you to work remotely.
So if you’re interested apply now.
You have until 2 February 2021 to apply.
Hat-tip: Thanks to Evan Jones for bringing this latest development to my attention.