The forensic work of Randox Testing Services was compromised by rogue employees they had taken on. Police money was needed to bail the service out.
More recently Eurofins Scientific and Eurofins Forensic Services have been hit by a ransomware attack. Eurofins analyse half of the UK’s forensic cases. Court work has had to cease but UKAS accreditation continues.
UKAS’s list of sanctions still omits these companies. Their customers have worked out what to do even if UKAS hasn’t.
Criminals have no regard for UKAS certificates. But UKAS has regard for its fee income. UKAS spreads its warm, yet strangely unquantifiable, feelings of confidence while the police and courts have lost confidence and gone elsewhere.
The police don’t do much about online fraud and cybercrime anyway, so could this attack have been intended to interfere with evidence?
A knowledgeable commentator opined,
“Supply chain attacks are often coordinated, so relying on one company for a significant portion of your operations demands an effort to validate the defences they have in place before awarding a contract, and ideally on a regular ongoing basis,” said Mimecast’s Sloshberg. “Otherwise, the knock-on effect of a successful attack can expose serious risks for your organisation.”
Relying on a monopoly provider of ISO accreditation provided assurance rather than protection. This fact is being ignored here.
Truthfully, it’s the ISO accreditation certificates that never mattered. The police and courts can work out the implications for themselves.