IT Cyber Security – Notes from the Workshop

[15.03.19]

Our speaker was Graham Fern, Technical Director, Axon IT.

Graham opened his presentation by stating that he would focus on Cyber Security – as a lack of security creates inefficiency.  The statistics were worrying:

  • 89% of businesses (76% of UK businesses) have suffered a cyber attack
  • 74% of security breaches are from stolen credentials

The Head of GCHQ, Head of MI5 and the Head of the Military had recently stated that criminal and terrorist cyber attacks were a real threat to UK businesses, organisations, infrastructure and our economy.

Graham gave three recent examples of local businesses that had suffered security breaches:

  1. The hackers watched the local company online for a period of time. The criminals knew who was responsible for what, who paid what, and when the key people were on holiday.  As a result they chose well their moment to attack. The criminals provided a convincing scam, and the company handed over £20,000 to the criminals.
  2. Another local company was attacked, which resulted in all of their computers dying (400 of them), which jeopardised their business. All of the computers have had to be rebuilt.
  3. A hacker gained access to a Director’s work email due to a really weak password (ie. Passw0rd1).  The hacker created a folder in the inbox and created a rule so any emails titled payroll, wages etc were instantly diverted to that folder and a copy sent to an external gmail account. The hacker watched for 4 weeks the comings and goings of the business. They identified the process of paying bonuses and wages. At exactly the right time the Director appeared to ask HR & Finance to have their bank details amended for the payment of their wages. The email conversation flowed back and forth with these emails titled as payroll in the subject being directed to the new folder under the inbox which in turn forwarded a copy to the hacker. The real Director was totally unaware of this happening!  Long story short all the communication was compelling and believable, the bank details changed and the Director’s salary and bonus were paid into to a 3rd party bank account which in turn sent the money overseas. Bye bye money……

 

Graham looked at:

  • The Threats – and how you can protect yourself and your business
  • How the Business of Hacking works
  • The Types of Attacks

 

This Workshop provided such an insight into Cyber Security, we will be hosting Graham again on 2nd October 2019, for another Cyber Security Workshop.  We would urge all business owners to attend this Workshop.  If you would like to attend please sign up here.

Castletons Accountants

Leave a comment