CASE STUDY: What happens when a link in your supply chain breaks

Updated: Apr 15

We recently spent some time with one of our Trusted Partners, Solutions 4 IT to discuss a recent case study whereby a manufacturing firm's client had fallen victim to a Ransomware attack.


Solutions 4 IT are based in the West Midlands and have been serving businesses by improving the way they use workplace technology, and offering proactive support that removes IT headaches and allows clients to focus on their core business.



What was the incident that took place?

Earlier this year Solutions 4IT were informed by one of their manufacturing clients that a major customer that they deal with had suffered a Ransomware attack. The client asked Solutions 4IT to ensure that the breach had not also affected their systems.


While there was no indication that the client had been compromised the risk factor had increased as both companies shared documents and emails with each other on a regular basis.


The client is security-aware, and they correctly identified the risk and did the right thing by contacting their provider.


What steps take place after an attack has been identified?

The first priority was containment, to ensure no further documentation, files or emails were being sent between the two companies, the Ransomware attack aided this as the customer was unable to operate until the attack had been contained. This meant no data was flowing between the two companies.


An email alert was sent to all employees which outlined the situation and for them to contact Solutions4IT if they receive any suspicious emails.


The next priority was focused on detection, Solutions 4IT needed to ascertain if there had already been a successful compromise, a fast response will limit the potential impact. We reviewed our telemetry data to ascertain if there were any signs of unauthorised access or any alerts that may have been generated.


The majority of the investigation was spent in the detection phase where we systematically went through each of our security systems to verify that they were functioning correctly and that no threats or unusual behaviour had been detected.


Backups were also checked during this phase as a precaution. Our final review detailed that no compromise or unusual activity had occurred to our client, but due to their early warning to us and our security processes and systems in place, we would have been well placed to isolate and control the incident.


What was the impact upon the business as a result of the ransomware attack?

The customer who was attacked suffered a significant loss of income and reputation but was able to restore their systems from backup within a few days.


How could I prevent my business from falling victim to a similar attack?

When dealing with an attack of this nature it is evident how critical the backup solution is, without an appropriate backup in place the downtime would have been much longer and potentially they would have lost all data that had been encrypted.


It is also critical to ensure your organisation takes steps to ensure security of all systems and have a qualified team in place to react to the incident.


Risks to and from the supply chain can take many forms as seen in this case study the customer failed to adequately secure their systems which could also have compromised the supplier.


How can The Cyber Resilience Centre for the West Midlands help make my business safer?

Instead of taking the chance of falling victim to a cyber attack like this, sign up to our FREE core membership which provides:

🔐 Opportunities to learn more about cyber resilience for your business

👍 Support to achieve Cyber Essentials or Cyber Essentials Plus scheme

🛡️ Tips and guidance to help you learn how to procure good value private cyber security professional services

🛠️ Easy access to Government recommended free tools and resources

🕵️‍♂️A newsletter featuring the latest regional and national cyber threats


With 43% of cyber attacks being aimed at small businesses, and with only 14% being prepared in the event of an attack, there has never been a better time to join us.


Take a look at the membership packages available on our Membership page. www.wmcrc.co.uk/membership.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.