We recently spent some time with one of our Trusted Partners, Solutions 4 IT to discuss a recent case study whereby a manufacturing firm's client had fallen victim to a Ransomware attack.
Solutions 4 IT are based in the West Midlands and have been serving businesses by improving the way they use workplace technology, and offering proactive support that removes IT headaches and allows clients to focus on their core business.
What was the incident that took place?
Earlier this year Solutions 4IT were informed by one of their manufacturing clients that a major customer that they deal with had suffered a Ransomware attack. The client asked Solutions 4IT to ensure that the breach had not also affected their systems.
While there was no indication that the client had been compromised the risk factor had increased as both companies shared documents and emails with each other on a regular basis.
The client is security-aware, and they correctly identified the risk and did the right thing by contacting their provider.
What steps take place after an attack has been identified?
The first priority was containment, to ensure no further documentation, files or emails were being sent between the two companies, the Ransomware attack aided this as the customer was unable to operate until the attack had been contained. This meant no data was flowing between the two companies.
An email alert was sent to all employees which outlined the situation and for them to contact Solutions4IT if they receive any suspicious emails.
The next priority was focused on detection, Solutions 4IT needed to ascertain if there had already been a successful compromise, a fast response will limit the potential impact. We reviewed our telemetry data to ascertain if there were any signs of unauthorised access or any alerts that may have been generated.
The majority of the investigation was spent in the detection phase where we systematically went through each of our security systems to verify that they were functioning correctly and that no threats or unusual behaviour had been detected.
Backups were also checked during this phase as a precaution. Our final review detailed that no compromise or unusual activity had occurred to our client, but due to their early warning to us and our security processes and systems in place, we would have been well placed to isolate and control the incident.
What was the impact upon the business as a result of the ransomware attack?
The customer who was attacked suffered a significant loss of income and reputation but was able to restore their systems from backup within a few days.
How could I prevent my business from falling victim to a similar attack?
When dealing with an attack of this nature it is evident how critical the backup solution is, without an appropriate backup in place the downtime would have been much longer and potentially they would have lost all data that had been encrypted.
It is also critical to ensure your organisation takes steps to ensure security of all systems and have a qualified team in place to react to the incident.
Risks to and from the supply chain can take many forms as seen in this case study the customer failed to adequately secure their systems which could also have compromised the supplier.
How can The Cyber Resilience Centre for the West Midlands help make my business safer?
Instead of taking the chance of falling victim to a cyber attack like this, sign up to our FREE core membership which provides:
đ Opportunities to learn more about cyber resilience for your business
đ Support to achieve Cyber Essentials or Cyber Essentials Plus scheme
đĄď¸ Tips and guidance to help you learn how to procure good value private cyber security professional services
đ ď¸ Easy access to Government recommended free tools and resources
đľď¸ââď¸A newsletter featuring the latest regional and national cyber threats
With 43% of cyber attacks being aimed at small businesses, and with only 14% being prepared in the event of an attack, there has never been a better time to join us.
Take a look at the membership packages available on our Membership page. www.wmcrc.co.uk/membership.