Police CyberAlarm Case Study: Canny Clever IT
Small businesses are becoming more and more vulnerable to cyber-attacks such as malware, ransomware and data breaches. Stolen funds, compromised confidential data and reputational damage are just a few of the ramifications, as well as having a devasting impact on the victims.
Investment in cyber security is now becoming critical for organisations. Police CyberAlarm (PCA) isas a free tool that plays a significant role in helping its members gain a better understanding of cyber threats, as well as assisting police in getting a better picture of cybercrime activity and identifying those responsible.
As one PCA member found out when it suffered a significant cyberattack.
Ken Mosley, General Manager of Canny Clever IT, takes us through what happened, how PCA helped and the outcome.
|Please could you give a quick overview of your company?
We’re a retail and business IT support operation, offering support services to our clients. Our team comprises highly experienced IT professionals, all of whom have gained years of experience in the IT sector and deliver problem solving and creating innovative solutions.
|Please tell us how you became aware of the cyber incident that took place and what steps you took?
The incident we experienced was a significant ransomware attack, which we first became aware of when our files and workstations started to behave erratically. Our main corporate firewalls had also shut themselves down, isolating us from the outside world to prevent the attack spreading to our clients and network.
After assessing the likelihood of receiving a decryption key from the attackers with our insurers, we are fortunate that we are an IP services provider and possess the in-house expertise to recover from such incidents.
We opted for a complete ‘trash & burn’ exercise followed by a bare metal recovery across our entire estate. This is where we physically wipe every device on the network, to eradicate any trace of data, operating systems, malware and viruses.
The bare metal recovery is where we physically reinstalled the operating systems, then restored our previous day’s ‘known good backup’, ensuring minimal downtime and data loss. We are fortunate that we have the ability to take a ‘full bare metal backup’, meaning we can restore everything on a server, including operating system configuration, any other software and data.
|Where did you first learn about Police CyberAlarm (PCA)?
|Via a contact at Newcastle Building Society who connected me with the North East Regional Crime Unit and subsequently Police CyberAlarm. We joined as a member as it’s always good to have additional eyes overseeing our network and the free vulnerability scanning was a huge plus.
|What support was Police CyberAlarm able to offer?
After discovery, PCA was able to inform on the method of attack and help us close any vulnerabilities that previously existed. Without this help we would have suffered further attacks. Indeed, the next Police CyberAlarm report indicated almost 1.3m attempts to gain access in the week after it happened.
The information provided by PCA helped us understand the mechanics of this attack, which then led to us discussing the issue with the software developer responsible for the firewall and vulnerability that was discovered has now been fully patched by the developer. Police CyberAlarm is making a real-world difference in helping businesses understand and mitigate cyber threats.
|Would you recommend Police CyberAlarm to other businesses and organisations?
|Wholeheartedly. We recommend Police CyberAlarm to our clients, and despite being an IT services provider ourselves, we were still attacked and taken offline, despite robust policies, procedures and defences. Fortunately, we were able to recover quickly.
If you would like to become part of Police CyberAlarm or find out more about receiving regular security updates and reports to help you gain a better understanding of current threats, register on our website: www.cyberalarm.police.uk.