Have the Red Devils pulled-off the (cyber) ‘save’ of the season…? Whilst a small part of me (being a life-long ‘Gooner’) would certainly crack a smile if, part-way through a bitter, two-horse race for the Premiership, ‘the Reds’ were to suffer a cyber incident, dashing any hopes of securing a title-win, the responsible owner of an Managed Cyber Security firm must win-out here.
So, working with the minimal facts on the ground, was it a ‘super-save’ or a ‘lucky deflection’?
Well, that remains to be seen but, if we’re to believe what we’re being told thus far, quite possibly, yes!
The NIST CyberSecurity Framework, whilst developed by a US institute, sets out 5 clear phases involved in adopting such a framework:
IDENTIFY | PROTECT | DETECT | RESPOND | RECOVER
So, how did they do? Well, so far as we can tell:
– Steps were taken to IDENTIFY the risks, no-doubt through an assessment process of some description, and PROTECTions implemented:
– “the club has extensive protocols and procedures in place for such an event”
– Attack DETECTed and RESPONDed to:
– “Our cyber defenses identified the attack”
– Club “shut down affected systems to contain the damage and protect data”
– Club statement confirms they “had rehearsed for this risk”
5) RECOVER phase hopefully mapped but, in this instance, potentially minimal recovery required.
– “Club media channels, including our website and mobile app, are unaffected”
– “not currently aware of any breach of personal data”
– “All critical systems required for matches… “remain secure and operational and tomorrow’s game against West Bromwich Albion will go ahead”.
Additionally, The Register reported separately that the club have also informed the ICO (Information Commissioner’s Office) so, pending any future statements and / or the release of any details pertaining the ongoing investigation, it looks they may have delivered a ‘Masterclass’
Now something of a rarity on the pitch. Sorry… Couldn’t resist! Well, that remains to be seen but, if we’re to believe what we’re being told thus far, quite possibly the former!
How well would you stand-up to a cyber-attack?