2. Biz Network June 2021 39-80.qxp_Chamberlink 01/06/2021 09:09 Page 47
BUSINESS CRIME & PROTECTION
FEATURE
How can businesses
stay safe? Joe Burns is a certified ethical hacker and co-founder of Ilkeston-based Reformed IT, a cyber security and IT solutions company. He sees first-hand the damage being inflicted on businesses from cyber-criminals – noticing an increase in SMEs suffering financial losses – and often works alongside police forces to help with breach remediation. Now on a campaign educate businesses of these risks and how to avoid becoming another victim, he speaks to Business Network about some of the questions he’s frequently asked. WHAT IS THE LARGEST LOSS YOU’VE SEEN A BUSINESS SUFFER IN THE EAST MIDLANDS? In late 2019, I was called in to help investigate a sophisticated social engineering attack on a business that led to someone transferring in excess of £100,000 to fraudsters from the company bank account. Social engineering is where the attackers mislead individuals within the business in a way to encourage them to do something they shouldn’t typically do. This could be to reveal a password or information, buy vouchers from a store or, in this case, transfer large sums of money. The fraudsters usually do this by impersonating trusted people either within the organisation or external authoritative organisations such as banks and IT companies.
THERE HAVE BEEN SOME HIGH-PROFILE RANSOMWARE ATTACKS IN RECENT YEARS. HAVE YOU SEEN ANYTHING SIMILAR WITHIN THE EAST MIDLANDS? Yes, ransomware can be extremely damaging to a business and if it hasn’t got a good backup and disaster recovery
plan, it can cause a lot of business interruption. Ransomware is a method that has been used by hackers for decades but has become more prevalent in the past 10 years. It typically works by getting someone in the organisation to run a piece of software on a computer, which then encrypts all data on the network to make files unreadable without a password. This password will have been set by the attackers and instructions left for the victim to pay a ransom in order to get access to their files again. Recently, I have dealt with a case where a business in Derbyshire had its server hacked into. The hackers then encrypted all the data and because they had full access to the system, they encrypted the backups as well – leaving the business with no access to its critical files and customer information. The hackers demanded nine bitcoin (which is valued at £363,000 at the time of writing) to return access to the company’s systems and data. In the meantime, the business was unable to correctly service its customers without resorting to pen and paper.
‘The business was unable to correctly service its customers without resorting to pen and paper’
business network June 2021
47
