The heart-stopping moment a company CEO is told the business has been hacked with a ransomware demand was shared by packaging industry professionals at the second APPMA Digital Lunch.
Hosted by Nigel Collins, the online event saw Deloitte’s head of cyber risk David Owen give a presentation on how cyber attacks happen, what can be done to prevent them, and how best to deal with the aftermath.
The ensuing panel session had Rosanne Jessop, CEO of Pilz Australia, Mark Dingley, CEO of Matthews, and Jamie Rossato, information security director at Lion, discuss their experiences with Owen, and take questions from the audience.
The presentation highlighted the need for all business large and small to take constant proactive steps to manager their cyber security. It was evident to the audience, through the candid revelations of the panel, that it is fairly easy for any business to fall behind in their online security, which can lead to devastating consequences.
Dingley recounted answering a 6am Friday morning phone call to be told Matthews had been compromised, and the ensuing intense operation over the following days to fend off the attack, rescue the company’s data, and get back online.
Jessop told of the moment her overseas head office simply closed down all communication channels following an attack, leaving the Australia business with no access to any office documents or emails, and no way of telling its customers, or its employees it was out of action, while HQ attempted to sort out its problems.
Giving an idea of the scale of the problem, Owen said Deloitte has a department of 400 dealing with cyber attacks for its clients. He said that since 2016, and especially since Covid, ransomware attacks have risen exponentially, and that ransomware was the biggest issue in cyber right now. He said the advent of working from home in Covid had significantly weakened the defences of most businesses.
Owen went through a typical timeline of a ransomware attack, which generally starts four or five weeks before the company knows anything about it, while the malware works its way through the system, destroying alarms and back-ups, and corralling the data. Around day 35 is the first a business knows, and by then there is little they may be able to do.
Ransomware enters through stolen or guessed passwords, through USB sticks, through phishing emails, and through vulnerable parts of the system. Emails fail, restoration fails. Owen said it is at this point that business typically realise their network diagrams are out of date, and their system logging does not work, and it is not long after this that key people become saturated and stressed.
Owen then took the audience through the dynamics of a ransomware attack, from the first stage of initial access, through to consolidation, and then on to the impact.
He said, “Assumptions are often the biggest challenge. People assume their systems are secure for numerous reasons, when they may not be. They assume their data is getting backed up, when it may not be, or may be getting backed up to somewhere that can also be destroyed.”
Owen said the advent of Industry 4.0 and Smart Factories, while great news for manufacturers, was also problematic for cyber security, as they are open to risk. He said it is important for businesses to understand their weak spots, and to segment where possible so that an attack on one area would not lead to wholesale closure. That weak spot may be something as simple as the CCTV around the factory. In regard to DDOS attacks, where a server is flooded, he said software is available to throttle unexpectedly high levels of traffic.
![What's the worst that can happen? [Slide courtesy of David Owen, Deloitte]](http://yaffa-cdn.s3.amazonaws.com/yaffadsp/images/dmImage/StandardImage/cyber-risk-smarter-factories.jpg)
Rosanne Jessop had been CEO of Pilz Australasia for just a month when the global giant suddenly closed down its online network. She said, “We couldn’t even tell staff or customers we had been shut, we had no way of letting them know.”Jessop said the closure of the office-based Windows platform had a big effect on production.
She had already flagged the use of USB sticks by staff as a potential security flaw in the few weeks since her arrival, and the company was reviewing its cyber security when the attack happened.
Dingley shared the “life-changing” moment when he was told Matthews had been attacked. He said, “If you had asked me before then if I thought our systems were up to scratch I would have said yes, but they clearly weren’t.”
The ransomware did destroy the online back-ups, but fortunately Matthews had instigated a monthly offline back-up process, so was able to reload new servers with data only a few weeks out of date.
Dingley paid tribute to his cyber insurance company, which had the business back up and running within four days on new servers, albeit with the old data. Dingley says, “It was a huge challenge, we were literally working 24/7, I would not wish it on anyone.”
Dingley said he realised that every member of staff had a role to play in cyber security, and since then runs monthly tests of the system, including phishing tests. He said, “You are only as good as your weakest link, and with everyone on home networks there are areas of weakness that need to be identified.”
Jamie Rossato at Lion said all businesses need to be prepared for a cyber attack. He asked the audience, “Do you know who to call if you are having a ransomware or DDOS attack? Do you have alternative comms structure set up so you can let people know what is happening. Do you know what your active directory is and how to protect it? Do you have a plan?”
Rossato also flagged the need to know how data should be restored, in what order and priority, saying, “I had a case where a business, under intense pressure to get going again, got to the point of restoring files, and rather than specifying finance files and systems first, and complex systems last, was going through simple alphabetical restoration, which meant hundreds and hundreds of two megabyte Christmas party photos were being restored, which slowed the whole process down considerably, to the detriment and intense frustration of the business.”
He said that ransomware was successful when it was able to compromise all the back-up files, so having ring-fenced back-up was essential. He also said that backing up also gave an operational dividend, as well as ensuring that the business would be able to function under attack, and he said IT security should not be something that is done when there is a “bit of spare time” but it should be factored into the operation.
The panel was asked if cyber security should be handled inhouse or by a third party, with Mark Dingley saying by both. It was also asked whether a cloud-based server or physical servers were best, with the consensus being cloud is more secure. The panel also supported the use of multi-factor authentication.
The 50 minute Digital Lunch on Cyber Security packed a lot in, and certainly gave everyone attending the imperative to ensure their systems were secure, they were backing up, were aware of their weak spots, and had a plan of what to do should they be subject to an attack.
