Yesterday Royal Mail reported that a “cyber incident” is causing severe disruption to its services, urging people to avoid sending mail and parcels overseas. Royal Mail has assured customers that they are working hard to resolve this issue and will provide updated information shortly.

A Royal Mail spokesperson explains, “We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities.

“We would like to sincerely apologise to impacted customers for any disruption this incident may be causing.”

Whilst details remain unknown, cyber experts from South West-based Cylera and BOM IT Solutions, including the former Head of Information Security at Royal Mail, have reached out to techSPARK to offer further insight into how this major attack may have occurred and what it means for cybersecurity in the UK.

Richard Staynings, Chief Security Strategist at Cylera, which helps to cybersecure much of the NHS:

“Critical industries seem to be constantly attacked and damaged suggesting that the UK government is not taking cybersecurity seriously enough.”

“The Royal Mail, along with healthcare, education, government, electricity, and a number of other industries are all considered critical to the UK economy. When a critical infrastructure industry is disrupted or attacked, its impact travels far, affecting many other businesses and individuals.


“For this reason, these industries are supposed to be afforded extra levels of protection by the government, and when attacked consequently attract the immediate attention of the National Crime Agency and the National Cyber Security Centre.

“If an attack is deemed to have been launched by a foreign nation state, then the repercussions for that state could be very severe. In essence, a particularly heinous attack against critical national infrastructure could be seen as the equivalent of a military attack against the UK. The US, along with other nations, has reserved the right to retaliate against cyberattacks with military force since 2011. Many states, including the US, Israel and Ukraine, have responded militarily to cyberattacks that threaten their national security.

“Robust cyber-defense is critical to any key national industry, but as we have seen in the UK over the past five years, many critical industries including healthcare and education seem to be constantly attacked and damaged. This suggests that the UK government is not taking cybersecurity seriously enough. Nor is it ensuring adequate funding for cybersecurity programmes across critical infrastructure to defend against rising cyberattacks. The fact that critical industry sectors keep getting successfully attacked suggests that they are unable to attract and retain the right caliber of security staff, implement robust security processes, or procure and implement the best cybersecurity technologies and tools.

“There is a Maturity Paradox that has emerged over the past five years with the often-frantic development and deployment of new IT systems. This is where Digital Maturity has outpaced Cyber Maturity, leading to Technical Debt. This is the cybersecurity gap that many organisations have yet to properly address. They are playing catch-up but don’t have the resources to do so quickly.”

Anthony Davis, former Head of Information Security at Royal Mail until 2009, said:

“I have a good idea which systems at Royal Mail could be affected. But it’s early days so far, and the incident response will likely take some time. Let’s see what the investigation discovers and, if it was in fact a cyberattack, who was responsible. The National Cyber Security Centre is pretty good about attributing attacks to perpetrators, eventually.”

David Trump, Cyber Security Solutions Director at BOM IT Solutions:

David has over 15 years of experience working in the IT and digital infrastructure strategies space. Before taking up his current role at BOM IT Solutions, he worked at BT Global Services.

“‘Crippled’ Royal Mail international services could be because of threat actors”

“Royal Mail has announced severe disruption to its international export services due to a ‘cyber incident’, resulting in the postal service requesting its customers to refrain from using its services.

“Royal Mail cyber teams will have pre-defined and pre-rehearsed playbooks for this type of event. It is reported that they are already engaged with an external Incident Response team. These Incident Response teams will now be gathering as much information on the assailants, such as who are they, how did they get in, what systems and tools are compromised, if and what has been exfiltrated, if and what are their demands and how to remove the threat with limited business interruption.

“Threat actors have varying motivations to attack an organisation. Whether it be to harvest and sell customer information, staff credentials or session cookies on the dark web or other credential bidding sites. Or they could apply a ransom for encrypted data, which in the case of the ransomware attack on the retailer, FatFace, attackers located the victim’s cyber insurance documents during the breach to use as a bargaining technique with the hackers reported to receive £1.45m ransom payment.”  

Shona Wright
