
In the short term, we needed to act quickly and sensitively to get services back up and running for more than 250,000 users. This would mitigate the adverse effects of the attack as far as possible. We also needed to close vulnerability gaps in the council’s services by providing them with a security-led digital transition and implementing a wider culture change to prevent an attack like this from happening again.
Responding at pace, we immediately embedded a highly-skilled Digi2al team within the council to reinstate and maintain cyber security. Our team worked to win the trust of employees and stakeholders by acting as an empathetic ear, ascertaining the facts with a strict ‘no blame’ culture. This was crucial for understanding what had gone wrong and assessing the true scale of the problem.
At the same time, we used our extensive and wide-reaching networks to sensitively gather information on the attack on the council’s behalf. This knowledge and information allowed us to rebuild the council’s services in the shortest time frame possible, helping to meet the needs of their most vulnerable users. Once our short term objective was met, we then supported the council to improve their digital security and culture by migrating from an on-premises to off-premises (Cloud) solution. We also implemented a culture-change: upskilling three local apprentices within the council’s team to work as fully-fledged Developer Security Operations (DevSecOps) going forward.
Digi2al migrated the council’s systems to a Cloud-based service, assuring their ongoing cyber security. By embedding a DevSecOps team within the council, we didn’t just solve the short-term problem, we equipped them with the skills they need to protect themselves in future. A cyber attack can be devastating for an organisation and takes a deep and emotional toll on the people working there. This situation was no exception and we saw first-hand how it impacted the council’s employees. Due to our swift and effective response, the confidence of those working within the council was restored. Their employees have since been able to speak out about what happened, and have become advocates for pre-emptive digital transformation and cyber security.