In July 2021, as the Financial Times reports, Northern Rail (a U.K. based travel operator) was hit by a suspected ransomware attack that been affecting their new line of self-service ticket machines. The system was offline for over one week.
Northern Rail said that data related to customer and payment has not been compromised; however, the issue is concerning given the volume of commuters using such technology on a daily basis.
It cannot have pleased railway operators given that the machine was new. The cyber issue came just two months after 621 of the touch-screen units were installed at 420 stations across the north of England at a cost of £17million ($25 million), according to BBC News.
The incident demonstrate that even where the latest hardware and software are installed, security vulnerabilities will often continue to exist.
Expert comment
In response to the news Arcserve’s Senior Director of International Product Marketing, Florian Malecki contacted Digital Journal to discuss the matter.
Looking at the issue in hand, Malecki weights up the good and bad points: “One positive out of all this is that Northern have followed the correct procedures, allowing them to quickly isolate any affected servers and confirm that no personal data has been compromised.”
The lesson for other businesses is here to see, says Malecki: “Knowing what to do and the speed that organisations can react to these situations is critical, otherwise it’s highly likely that this attack could have been much worse.”
With Northern, it was not as a big a problem, Malecki explains; “Fortunately, the company had other systems in place so that the impact on consumers is minimal.”
However many other businesses with be exposed. Here Malecki cautions: “Organisations need to really buckle down and get on top of protecting their systems, whether that’s by investing in better cyber security measures, strong backup systems or a more inclusive cyber health awareness culture internally.”
How this translates into practical action, Malecki recommends: “The 3-2-1-1 rule is best applied here, but we often see many companies ignore this. This example is another cry out for companies to rethink and act now before they find themselves in the same position as this recent example with Northern.”
