NEBRC Case Study: Responding collectively to a cyber-attack on a local North East school
At this time, the circumstances of that breach were unclear, and Framwellgate School Durham chose to work with the NEBRC to understand if they had any weaknesses in their network, that could be exploited to steal data. To this end, the NEBRC team selected two Offensive Security Certified Professional (OSCP) ethical hackers from Northumbria University to work alongside industry professionals to assess their network’s vulnerability. This assessment looks at the perimeter of a network (the point at which the network meets the internet) and inside the network to identify weaknesses. If found, the team will categorise weaknesses based on severity and likelihood, explaining the risk in layman’s terms. The beauty of these assessments is they can be completed quickly, and remotely, meaning no NEBRC staff need to be on-premises. The team quickly identified weaknesses in the external infrastructure and worked collaboratively with the school’s IT team and technology provider to identify routes to mitigation.
As this mitigation work was taking place, the school received an email extortion demand, from hackers claiming to have stolen 40GB of their sensitive data. The email had an attachment that contained a sample of the school’s data, verifying that the school had suffered a significant data breach. At this point, the vulnerability assessment was paused, and the NEBRC linked the school to a local company, Waterston’s, who undertook an incident response to understand how the breach had occurred.
The Waterstons team that undertook the response included an NEBRC alumni student who had worked with the NEBRC and, upon graduation, armed with his NEBRC experience, secured work in the private sector. Waterstons established that cybercriminals had compromised the network for some time, and they worked with the school to secure the network, and quickly get the school back up and running in a time of crisis. The compromise had occurred via weaknesses the NEBRC student ethical hackers identified, during their vulnerability assessment.
The NEBRC continued their assessment work post-incident, writing a report on their findings and presenting their work to the school’s IT and leadership team, receiving great feedback.
“Their response, from initial email to undertaking work, was within a day which helped us to secure the network through targeting priorities in order.
Working with NEBRC was a thoroughly supportive experience, from the initial Teams call and subsequent phone calls to post-crisis communications. The team was non-judgemental, was supportive, and made us understand quickly that it is known vulnerabilities that are attacked, not the school.
The NEBRC worked closely with other support stakeholders, including the police, Waterstons, Durham’s PCC, the IT support team and an external IT support company to coordinate work and share critical information.
The support and advice given by NEBRC and the exceptional work of the ethical hackers was something I never expected to have to experience, but with their support the school was scaffolded quickly and is in a much better place due to their expertise, compassion and guidance through a very difficult time”.
Wendy Pattison Framwellgate School Business Director.
Sometimes, failure is the greatest teacher; the school now recognises that the presence or absence of vulnerabilities often determines the likelihood of an attack. Proactivity trumps reactivity. If the NEBRC team had assessed the school earlier, they could have addressed the weaknesses, preventing the subsequent attack.
Wendy is happy to share the experience that the Academy went through in the hope that lessons learned by her school may help colleagues across the sector to prevent incidents in the future and know who to contact for support should the worst happen.
For further guidance on protecting you and your business please contact: enquiries@nebrcentre.co.uk
To stay up to date with the ever-changing digital landscape and security threats, sign up for our free core membership
The NEBRC is a Police led non-profit organisation that seeks to educate, inform, and support businesses across the UK on how to protect their business online through good cyber security practices.