Guernsey suffered a cyberattack on its IT network, forcing deputies to log out of their email accounts. According to the States of Guernsey, the incident took place on June 27, and politicians were locked out of networks such as email and Microsoft Teams as a precautionary measure.
Deputy Mark Helyar, a former treasury lead for the Policy and Resources Committee, said that members lost access to their accounts when passwords were unexpectedly reset. Ge Drossaert, the States’ chief digital and information officer, said that the email accounts were targeted in the hack.
This cyberattack was detected, and quick action was taken to successfully prevent any of the risks it posed. No data or systems were compromised, and systems are operating as usual today. Due to the security protocols we have in place, we will not be commenting any further.
A deputy created a WhatsApp group to remain in touch. However, Deputy Meerveld criticised the IT department, saying it was unacceptable that they couldn’t contact or message members using WhatsApp to keep them informed of what was happening.
Meerveld mentioned:
We signed a very expensive contract with Agilisys to provide our IT support so my first question is “In what way did our IT support fail and could it have been avoided?” The way it was handled subsequent to the attack appears to be staggeringly incompetent.
Deputy Helyar raised security concerns on Facebook about the password reset process. He spoke about receiving a request for a new password that included calling someone “with no identification required”.
Deputy Helyar pointed out the hotline number could have been advertised, and passwords distributed “without ID or security”. Unfortunately, he had to write down the new, incorrect password on the back of a London menu.
In response, the States said that procedures are in place to authenticate people accessing the support desk. If any members are still having problems, they should bring their laptops to the weekly IT meeting on Monday for members of the States.
Deputy Meerveld commented:
The assumption that deputies don’t need their computers at weekends is unbelievable.
At Phishing Tackle, we know all too well that security technology is often left incorrectly configured, as demonstrated by our free Domain Spoofing Test, which currently gets past around 50% of users’ security systems.
Security Awareness Training remains one of the most cost-effective methods of boosting cyber-security within your business. Have a look at our free Click-Prone® Test to find out how many of your staff are susceptible to a phishing attack and learn how you can reduce this number today.