
Tuesday, 10 July 2018 15:16

A statement from the Business Continuity Institute

Early in the morning of 5th July 2018 the BCI became aware that we had become the subject of a targeted cyber-attack.

An attacker compromised account credentials and ultimately gained access to a single BCI email account. On discovering unauthorized access to the email account, we initiated our standard incident response process. We engaged outside specialists to assure ourselves, clients, and other stakeholders that the review was thorough and objective. The BCI took a variety of actions:

  • Immediately executed steps to stop and contain the attack.
  • Ascertained the size and scope of the attack. The team reviewed logs from the incident to understand what the attacker did in the email platform, and it used this information to guide its response to the attack.
  • Determined what the attacker targeted. The attacker targeted an email platform. This system is distinct and separate from other BCI platforms, including those that host client data, collaborative work among BCI professionals, engagement systems and other non-cloud based email systems. None of these were impacted. We know from the forensic review conducted by our own cyber professionals that the attacker was specifically focused on obtaining details of one particular client.
  • Reviewed materials targeted by the hacker. This incident involved unstructured data; namely, email. Through a detailed review of logs, the BCI was able to determine what the attacker actually did and that the number of email messages targeted by the attacker was a small fraction of those stored. We looked at all of the targeted email messages in a manual document-by-document review process, with careful assessment of the nature of the information contained in each email. By conducting this eyes-on review, we were able to determine the very few instances where there may have been active credentials, personal information, or other sensitive information that had an impact on clients.
  • Contacted impacted clients. The BCI contacted the single client impacted.
  • Alerted authorities. The BCI began contacting governmental authorities immediately.

The team determined that:

  • The attacker is no longer in the BCI’s system. The BCI has seen no signs of any subsequent activities. We have taken a number of important steps to remove the attacker’s access to our environment, including the blocking of IP addresses, disabling accounts, resetting passwords, and implementing enhanced monitoring.
  • No disruption occurred to client businesses, to the BCI's ability to serve clients, or to consumers.

The BCI remains deeply committed to ensuring that its cyber-security defences provide a high standard of protection, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security.