It has been announced that tracking devices and panic alarms on prison vans have been disabled following a cyber attack on telematics and vehicle monitoring platform, Microlise. Since the disclosure of the breach last week, DHL and Nisa have announced impacts to their services, while this latest update reveals that Serco, one of the biggest contractors for the Ministry of Justice, which operates prisoner escort and custody services, is currently struggling to track the locations of prisoners. In response to the news, Elaine McKechnie, Head of Cyber Security Consultancy at i-confidential, comments.
“This is a worrying incident against Microlise, which is not only impacting logistics firms but also one of the biggest contractors to the Ministry of Justice.
Microlise is a telematics and technology solution for transport and logistics firms, which enables them to track deliveries. However, over the last few days, the organisation has suffered a serious cyber attack, which has rendered their technology unavailable.
“The company has not revealed what type of attack it is suffering from, but given threat trend activity and the information available, the incident bears all the hallmarks of ransomware.
“What is also interesting is that it’s not Microlise themselves who centre in the spotlight of the news.
“DHL and Nisa are struggling to track deliveries, while, more worrying, Serco, is unable to monitor the locations of prisoners and panic alarms on prison vans have been disabled.
This is a timely reminder that the consequences of supply chain attacks can be just as devastating as those targeting an organisation’s own infrastructure, so they must take steps to improve third party resilience as part of their cyber security strategies.”
According to i-confidential, steps to improve supply chain resilience, include:
- Know who your suppliers are – maintain a master supplier list and map suppliers to service relationships.
- Understand the risks – know what data your suppliers access, the criticality of the services they provide, and the impact of a service failure to your operations.
- Establish control and monitoring of your supply chain – conducting assessments of your critical suppliers and setting minimum security requirements for suppliers based on the risk that they pose.
“Know how you are going to respond if the worst happens – establishing business resilience plans, practicing how you will respond and communicate with your customers and the impacted supplier,” i-confidential‘s McKechnie adds.
For more cybersecurity news, click here