A couple of years ago I was contacted by a local SME Engineering business, after they had embarrassingly been impacted by a Ransomware attack, denying the business access to several their critical engineering assets and templates, resulting of course in client impact, and a black mark against their trusted reputation. As they, like many SME’s were low on IT and Cyber Savvy Skills, joined by the fact they did not have in place a robust/adequate backup strategy, their only alternative was to pay – and on this occasion, thankfully there was honour amongst thieves, and they did receive by return the encryption keys to unlock their golden, engineering business assets.
Given I am local to this adverse event, contact was made, and I was invited into their offices to review their cyber security posture, with focus on any prospect of a future Ransomware attack. I thus conducted the review and put in place several proactive security elements to enable a better level of resilience should any future adverse condition arise. And these included:
- TORs for the small IT Team
- Policies and Procedures
- Incident Response Plan
- A Robust Backup Plans
- And plugged them into a CERT, and multiple Alert Intelligence Feeds
At that time, I also advised they use multiple iStorage FIPS-140/2 secure encrypted drives to store their engineering data and critical assets on, this to also cover their areas of expected governance in relation to those mandated aspects such as GDPR. On that visit, I also demonstrated how they could store all their day-to-day important files on a secure drive which was set to READ-ONLY, thus provisioning access to the contents whilst not exposing files to the adverse testicles of another Ransomware attack.
Well, this week I have been encouraged by my fellow mankind who, it would seem has listened. Within the last seven days I was informed that the said company has suffered yet another compromise from a random passer-by Ransomware attack. However, this time, proactive steps were in place, and they were back up and running in quick-time, and only lost short-term data which was not, in the great scheme of things critical.
The MD of this small company, who would prefer to remain anonymous called me to express his thanks, and gratitude for such a simple piece of common-sense advice has saved the company yet another pay-out into the hands of criminal gangs, but more the point was that the business could carry on working, with very little impact to their supply chain.
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.