Let’s Talk: Cyber Security – Event Round-Up

On Thursday 19th August, we were joined by experts in cyber security to discuss the importance of having particular regulations in place, the future of cyber security, and what this means not just for corporate industries but for start-ups too.

Introducing the event was our co-founder Georgia Halston, who started our audience off with some recent stats: T-Mobile in the US has seen 50 million customers have their information stolen, and a Salford-based housing group has seen thousands of its tenants and clients have their data stolen.

 

Our first speaker was Dan, co-founder at IT solutions company Jupiter IT, who shone a light on a case study of an SME handing over £20,000 to cyber criminals, and what you can do to stop this from happening.

 

Cyber criminals will look on LinkedIn, Facebook, Companies House, and even the dark web to find out as much information as they can about a business. In this particular case, once all the information had been sourced, they emailed the company MD and received an OOO (out of office) reply with dates, which pretty much gave the cyber criminals the data they were looking for: dates.

 

They then sent an email to the finance department, more specifically to the person responsible for paying bills. Using the dates from the MD’s email, the group could tamper with the email to make it look as though it came from the MD themselves: “As I’m not back into the office until xx/xx/xxxx…”. They asked the recipient to check how much was in the bank account, as they “didn’t have access to the bank”. Pretty harmless information, right? Wrong.

 

The next request was for a small payment of £52.45 to be made immediately, then the second payment of £212.74, and then a final payment of £22,112.74. ALL payments were made.  

 

How do you stop it?  

  • Physically call the person requesting payment to confirm 

  • Reassess internal processes to ensure payments are never authorised in this manner 

  • Have an anti-phishing email washer in place for protection

  • Ensure MFA is enabled on all email accounts 

  • Social media security 

  • Raise team awareness of cyber crime – not all phishing emails are simplistic 

 

Next up was Sam from Hack the Box, talking about enterprise cyber security and crafting attack-ready cyber teams.

In a nutshell, Hack the Box trains hackers, similar to the ones Dan was talking about but with much more complex techniques. It has almost 700,000 members, over 400 machines & challenges, and over 800 corporations using Hack the Box globally.

 

“The challenge that’s come up over the past 18 months is the cyber security threat ever expanding. The initial introduction to working from home meant that organisations’ attack surfaces drastically increased and presented a huge target for both opportunistic attackers and threat actors like Dan was mentioning, as well as APTs as advanced persistent threats and nation state funded attackers, causing AI incidents such as the Colonial Pipeline attacks.”

 

“One thing that hasn’t changed is the need to keep security staff upskilled on ensuring that they are on top of the ever expanding cyber security threat landscape.” 

 

Hack the Box Attack Simulation Training Labs include:  

  • Continuous demand training; allowing your team to test new tools and techniques before moving them to a real engagement 

  • Certifications; proactively prepare for industry renowned certifications 

  • Grow and know your team; develop talent, readiness assessment, candidate evaluation  

  • R&D testing environment; allowing your team to test new tools and techniques before moving them to real engagement. 

 

Finally, Jay Kay joined us from ICC Group to discuss cloud security.  

 

ICC Group was founded in 1998, supports over 33,700 devices and over 3,670 customers worldwide, and has over 350,000 items ready to ship globally. Numbers have increased significantly, especially around the pandemic, where 81% of businesses have accelerated their cloud adoption, mainly due to home working. Some fun facts from JK:

 

  • 200% jump in organisations planning to move 75% of their apps/workloads to the cloud 

  • 94% of enterprises now use cloud services 

  • 48% of businesses store classified and their most important data in the cloud 

  • By 2025, there will be 100 zettabytes of data stored in the cloud 

  • 75% of enterprises outline cloud security as a top concern.  

 

JK’s top tips:  

  • Define your data’s value and the impact of its loss 

  • Protect data via encryption 

  • Pay special attention accessible via the internet 

  • Ensure security architecture aligns with business goals and objectives 

  • Ensure adequately trained resources for implementation 

  • Continuous security monitoring 

  • Robust password policies with MFA 

  • Treat the cloud as you would your physical infrastructure 

  • Continuous training of all staff 

  • A well-defined and tested response and disaster recovery plan.
