Lessons Learnt from our Cyber Attack
Greg Curcio (GAICD)
Director of Customer and Performance | Proven approach in helping businesses adapt to change, implement successful Customer Experience programs, and avoid costly transformations.
This month we celebrate our one-year anniversary…
Last year, City of Stonnington experienced a major crisis when we were the victims of a #cyberattack, forcing us to shut down our systems for 11 days.
12 months on, it’s time to reflect on that experience and share learnings. I’ve been asked by my colleagues to provide insights in the hope we can all share, improve, and pro-actively protect our customers and ourselves.
I had never managed a crisis like this, and as the designated Business Continuity Lead for this event, there wasn’t any training that could have prepared me for what was needed.
In late August 2021, we were fortunate that the Victorian Department of Premier and Cabinet alerted us to a possible cyber-attack on several city councils. Upon investigation, evidence of the initial stages of a cyber-attack which would lead to a complete compromise was confirmed in our infrastructure. The investigation also revealed the presence of malware. To prevent further compromises, we substantially locked down and isolated ourselves from the internet.
We then embarked on a response and recovery tactical operation to contain and treat the cyber incident, and to expediently restore systems and services to minimise disruptions. All IT and project resources were re-allocated to work with the business to restore progressively, based on priority of needs.
Towards the end of our response and recovery, we began a Cyber Remediation and Essentials operation which concluded in December 2021 – significantly lifting our Essential 8 compliance and tripling our Microsoft Secure Score.
Response and Restoration Timeline and Action:
Post-Incident Cyber Remediation and Essentials Program:
Post the event we conducted a range of reviews; however, it was the remediation program that really accelerated improvements to our cyber security posture. We delivered a range of improvements over the proceeding 13 weeks:
Customer Benefits
What did we do well?
What didn’t we do well?
Post Incident Review Summary:
Closing remarks and reflections:
We could have made life easier for ourselves if we had at least half of those improvements; however, you can only plan for so much.
For us, the success was all down to our people.
Our amazingly dedicated people at City of Stonnington care deeply about the community and came together to work the problem and fix it. A real can-do attitude, calmness under pressure and supportiveness to get each other through a difficult time.
Thank goodness for the great culture we have at Stonnington.
You can’t write that into a Business Continuity Plan.
Lean Six Sigma Consultant @Greendot Management Solutions | Lean Six Sigma
4 months ago: @Greg Curcio, thanks for sharing!
Digital & Social Media Marketing Strategist | Marketing Lecturer at RMIT University | Industry Speaker
1 year ago: Thank you for sharing this. Was a great showcase on what happened.
Chair Cloud Branch AISA.org.au | Australian Federal Government IRAP | IT Expert Gold & Diamond Mining | Cyber Lecturer RMIT University
2 years ago: Thanks again for your insights Greg Curcio
Terrific insights Greg Curcio that can only be gained from real world experience, thanks for sharing!
Complex Problem Solver | Program Manager | Cyber, GRC, Big Data, Infrastructure & Advisory
2 years ago: Thanks for sharing the pain and lessons learnt Greg. Most of us are 'fortunate' to not have been the subject of an attack while most who have, choose to put such an experience behind them as soon as possible. Sharing makes this ever so real and the lessons learnt help us all be more active and vigilant. Very much appreciated!