Simon Morris, Research and Development Director at Pentura discusses the lesson in patching for Greater Manchester Police as they become cut off from the Police National Computer in Conficker attack
There has been an interesting story in the news this week about how Greater Manchester Police has been cut off from the Police National Computer (PNC) system after its PC’s were infected with the Conficker virus.
Conficker was created in November 2008 to exploit flaws in the Microsoft Windows Operating Systems. The virus connects with an Internet based terminal and links a network of computers each hosting the malicious Conficker virus and providing an effective platform for distributed denial-of-service attacks (DDoS), making a computer unavailable to its intended users – Manchester Police.
This incident reinforces the need for organisations to ensure systems are properly maintained and fully implement a manufacturer’s solutions or patches to fix problems with or update a computer program, including security vulnerabilities and other bugs that may result in sensitive information being leaked.
With many Public Sector organisations still recoiling from the national response to a recent data loss, it is imperative to re-gain the public confidence and reassure them that all sensitive data is secure.
Pentura has found that many organisations are still very early in the adoption of Data Leakage Protection (DLP). The problem is that many do not know where to start. Companies need to gain visibility of how big their data security problem may be and define a data security strategy that maps out what type of DLP solution is appropriate to their business, and how to implement this solution.
Several security breaches in the past few years to prove that organisations need to be more aware of data and how to secure it. The Manchester Police has been successful in minimising the effects of the Conficker virus by isolating the infected machines, this will ensure no further terminals are attacked and the risk of data loss is minimised. Had the Police not been aware of the virus it could have propagated through the system and targeted sensitive data utilising its own transport mechanism to release this to the public domain, the impact of which could have been catastrophic.
