Bolton business owners have ‘no hiding place’ from the increasing threat of cyber attack.
That stark warning was delivered at a special interactive seminar held at the town’s Holiday Inn and organised by NatWest bank and Holker IT.
Sarah Jackson, a director at Bolton-based building validation solutions company BVS Ltd, said: “It was very useful, particularly as all attendees were given the chance to witness a real-world cyber attack first hand. It really made you stop and think and certainly heightened our understanding of the situation.”
Matthew Metcalfe, managing director at Holker IT, said: “Our aim is not a scare mission – although the consequences of a cyber attack can be devastating – it is simply to explain the very real dangers businesses face when they fail to pay due attention to system security.”
Adam Clayton, business growth enabler at NatWest, said: “We are very conscious of the need to keep our customers fully aware of the perils posed by hackers and to guide them on how best to protect their networks, data, systems and staff. Cyber security is clearly of great importance and the presentation was very well received.”
On 27/06/2017 a piece of malware, thought to be similar to last month’s WannaCry ransomware, shut computers down worldwide.
The malware mimicked 2016’s Petya ransomware leading researchers to initially believe this was a modified version with updated exploit code including the notorious EternalBlue utilised in WCry. After further research, however, it was discovered that this malware had much worse consequences than encryption – it aimed to wipe as many infected hard drives as possible. It is extremely unlikely that paying any ransom will help you against this malware.
As well as EternalBlue, PetyaWrap (or NotPeyta or ExPetr), utilises PsExec a command execution tool on Windows systems which is preinstalled with the malware and if that doesn’t work it will use LSADump which will look for passwords still held in working memory in order to gain administrative privileges and propagate further.
To protect against this it is first imperative to have your system patches up to date to protect from EternalBlue, it is also very important to have administrative privileges restricted wherever possible so that PsExec cannot run any commands, finally, any good anti-malware software should catch these three spreading methods as all are common infection techniques.
At Holker IT we take protecting our customers seriously, if you require support with managing your IT infrastructure and security please get in touch.
How vulnerable is your business to the threat of cyber attacks? Falling victim to a ‘cyber attack’ and the often devastating consequences is a major concern for all businesses.
But help is at hand in Macclesfield and East Cheshire this month thanks to a special interactive event. Holker IT is joining forces with NatWest bank to stage ‘Cyber Security for Business’ at Macclesfield Town Hall, on Tuesday 20th June.
Attendees will experience a real-world cyber attack first hand, find out about the different types of attacks and learn how to best protect their network, data, systems and employees.
Cyber security is very topical and every business is vulnerable to attack. It is imperative that all firms – small, medium or large – take the necessary steps to ensure their computer systems are protected from theft and damage to both hardware and software.
The consequences of a cyber security attack can be costly both to reputation and finances.
The event will start at 8:30 am and run for three hours, including time for networking and questions and answers.
Tea/coffee and breakfast will be available.
Register for our event today and make IT and cyber security an important focus in your business. Places are limited, please book early to avoid disappointment. Book Now.
I recently attended a University seminar by Professor of Human-Centred Technology Angela Sasse (FREng) in which she updated students on ‘Why Johnny and Jane can’t encrypt’.
Now for those in the audience, like me, who don’t really feel a burning need/requirement to encrypt my email and texts I’d never imagined that if I ever did want to encrypt that I wouldn’t be able to. But clearly, post seminar, the issues around encryption are more complicated than I’d thought.
So why can’t Johnny and Jane encrypt?
It seems to be because the software solutions we currently have at our disposal are just… not up to the job, yet! Certainly in terms of texting, the 2 main encryption apps in common use, Telegraph and Signal, both have their flaws when it comes to ‘usability’ such that users can falsely think their text was encrypted, when in fact it wasn’t, which sort of defeats the whole purpose of using the app in the first place.
Their second problem is that both parties in the text exchange need to be using the same text app, which if they don’t, leaves the text sender with a choice or whether to send the text un-encrypted or… not at all. And that shouldn’t take a research grant to figure out that most people just… want to send the message.
Encrypted email is an easier problem to solve if an organisation want their staff to encrypt all emails before sending as there are a number of software solutions which will do just that, encrypt everything and ‘force’ the recipient to download the encrypted email from a central server. Whether they are using the same email client or not doesn’t matter. But secure email solutions, 1. come at a price; and 2. carry a time and inconvenience overhead which may motivate some users to circumnavigate the system all together in favour of faster, less secure methods of sending emails. Again, users invariably just want to send the message.
So is it really a case of Johnny and Jane can’t encrypt or is it just that they won’t? Is it that they would if were easier or are most users like me and just don’t feel the need to encrypt all their emails and texts, yet?
The answer is simple – if sending an encrypted message was the default and sending an un-encrypted message was, by default, harder and took longer, I can guarantee you… everyone would encrypt.
ps – If you want to experiment with the Signal messaging app and stop the NSA/GCHQ from reading your highly confidential texts, give it a try and see how many of your contacts show as using it already – I suspect not many.
Join us for our Cyber Security for Business event in partnership with NatWest, on 29th March from 8:30 – 10.30 am to learn about cyber security and how to protect your business from cyber attacks.
How vulnerable is your business to the threat of cyber attacks?
Experience a real-world cyber attack first hand!
Find out about the different types of cyber security threats
Learn how to protect your network, data, systems and employees from attack
The consequences of a cyber attack can be costly both to your reputation and finances.
Register today and make IT and cyber security an important focus in your business.
REGISTER FOR THE EVENT
Philip Hammond announces £1.9 billion of funding to increase the UK’s cyber defenses.
Well, more of a re-announcing of old news than new news as the funding was allocated over a year ago and some of it has already been spent in creating the new National Cyber Security Centre (NCSC).
In terms of our response to the news(!), we still applaud the fact that the Government appears to be taking cyber security seriously but at the same time we remain concerned. As long as the UK lacks a clear strategy for tackling the looming cyber skills gap, cyber risks will continue to increase and continue to negatively affect productivity and profits.
This was confirmed to me recently after attending a careers fair at a local school. It was clearly evident from the lack of an IT presence there will be very few students signing up to become cyber-security professionals anytime soon. We would therefore urge the Government to make sure some of the £1.9b is targeted at getting more young people into the cyber profession.
We would also recommend that the NCSC targets the common threats which plague personal and business users alike on a constant daily basis and cause huge damage when successful. The core problem with these common low level attacks is that they require very little skill to launch and carry zero risk for the attacker so clearly they aren’t going to go away anytime soon. That’s why they should be a key focus of a UK cyber strategy. Yes, defending critical infrastructure from the Russians is important but personal and business users alike will benefit hugely and directly from better central defenses against the common everyday threats and I for one would like to see tax revenue spent on.
For now we’ll have to wait and see.