Attendees at this week’s Opportunity Harlow event were given a fascinating, and somewhat startling, insight into data protection and cyber-attacks, including the methods used, and weaknesses exploited by hackers.
Cyber-attacks are the single largest risk to businesses
Our expert speakers from Raytheon UK and Digital Pathways covered how cyber-attacks are the single largest risk to businesses. They explained that the future survival and reputation of a company depends on their level of protection against these cyber risks and threats, and that companies are only as strong as their weakest link, which is typically the supply chain. SMEs wanting to win new business contracts from larger businesses and organisations, in either the private or public sector, need not only protect their business data but demonstrate to their customers that they understand the risks and can evidence the measures they are taking to guard against them.
David Carter and Philip Long from Raytheon UK began the event by explaining how all companies are constantly at threat from data breaches and cyber attacks. Raytheon has over 195,000 employees worldwide with 2,000 employees and 1,800 suppliers in the UK – all potential entry routes for hackers. Furthermore, being in the defence sector makes Raytheon a prime target. In fact, Raytheon globally is the target of over 2.5 million attacks every week varying from individuals acting on behalf of hostile foreign governments, to schoolchildren experimenting in bedrooms. Philip Long explained that cybercrime is always evolving, getting more sophisticated and complex often with unlimited funding behind it, which is why companies like Raytheon invest extensively to protect themselves. Hackers will generally take the easiest route into a large business and that’s often through their suppliers.
Therefore, it’s essential for suppliers to not only be aware of cybercrime and how to protect their businesses, but also to know how to assure those that award new business contracts, of their commitment to preventing cyber-attacks and data breaches. This can be done by gaining cyber hygiene accreditations. Raytheon’s potential partners are expected to hold a minimum set of formal cyber hygiene credentials such as CyberEssentials, CyberEssentials+ and ISO27001 certification.
However, Philip Long highlighted that cyber accreditations should not just be a plaque on the wall. Raytheon look thoroughly into their supply chain’s data protection and cyber security capabilities and will only consider suppliers that have a culture of security embedded within the ethos of their company.
Colin Tankard from Digital Pathways then provided a fascinating journey into the minds of hackers and the techniques used to access data. His analogy is that a business or supply chain is like Swiss cheese – there are holes everywhere, but a hacker only needs to find one to enter.
Examples of hacking methods were provided:
- Email (purporting to come from a known business contact who have themselves been hacked) containing links to malware
- Pop-ups i.e. “your printer is out of ink, please click here …” messages
- Soft targeting to children who may be less aware of malicious links
- “Man in the middle” attacks where an attacker positions themselves between a user and an application, then uses it to capture the user’s log-in details
- Access to webcams or CCTV – where hackers can visually see a password entered on a keyboard
Attendees were provided with examples of practical steps smaller businesses should take:
- Educate your users/employees
- Protect passwords – ensure default passwords are changed and use two factor authentication
- Investigate your own supply chain – are they protected?
- Disconnect former employees who may still have access to your network
- Ensure data protection and usage policies are outlined in employee contracts
- Be aware of Bring Your Own Device (BYOD) vulnerabilities when employees use their personal mobile phones and computers to access your systems and data.
- Encrypt your data so it becomes less of an issue if hacked
- Use antivirus but also data leakage protection
- Back up data but be aware where backups are stored as that’s often the first target
- Monitor your network – do you know which devices are connecting to it?
- Update to latest versions of software and apply patches as required
Colin Tankard summarised by giving examples of why SMEs should protect their data:
- All data is valuable
- Cost of recovery could be thousands
- Inability to invoice your clients
- Damage to your reputation
- Fines for breaching GDPR
- Will enable you to get a cyber certification and therefore be a potential supplier for larger businesses such as Raytheon as well as being a mandatory requirement for central government contracts where confidential information is involved and increasingly in other public sector contracts.
The presentation ended with a final warning:
“It’s not if you’ll get hacked, it’s when.” Colin Tankard, Digital Pathways
All businesses and organisations will be targeted whether that’s governments, large businesses or SMEs, but being aware, educating your employees and taking necessary prevention steps is essential to keep your business safe, and to benefit from working on large contracts in the future.
Who attended the event?
Small businesses in the Harlow area that wanted to learn more about protecting their business against cyber hacking and understand what credentials are expected from today’s suppliers by those awarding new business contracts.
After the presentation attendees were engaged in a Q&A session with the speakers followed by time to network with each other over complimentary breakfast.
Who were the speakers?
David Carter – Director of Supply Chain Management, Raytheon UK
Philip Long, FBCS – Digital Technology Director, Raytheon UK
Colin Tankard – Managing Director at Digital Pathways
More information can be found in the Resources area of the Opportunity Harlow member’s portal where you will find:
- Full set of presentation slides
- A video of the event
- More Cyber Security resources for SMEs
Tools to help you to discover if you are vulnerable: