BMF All Industry Conference 2023 DIGITAL & TECHNOLOGY


Led by Brian Winters, chief technology officer at ECI Software Solutions, the Digitalisation and Technology Workshop explored everything businesses need to know about cybersecurity and managing the risks associated with cyber-attacks.


“A recent survey found that 58% of businesses thought they were too small to be a victim of cybercrime, meaning only 14% of businesses are actually prepared to defend against a cyber-attack. However, 43% of all cybercrime is actually aimed at small to medium enterprises (SMEs), companies with less than one million dollars in revenue and 500 employees. 150,000 dollars is the average cost to an SME when they are the victim of cybercrime and 67% of those SMEs go out of business within six months. Imagine coming in on a Monday morning and you’ve lost access to everything from your customer records to your inventory. All those things place a great burden on small enterprises and so the reality is that 67% of them go out of business. The reason that we are seeing such a huge increase in cyber activity is because the cyber terminals are making a lot of money. 10.5 trillion dollars is the expected revenue for cybercrime by 2025. In 2022, it was 7.5 trillion dollars. If you take all of the cybercrime in the world and put it into one country, it would be the third largest economy on earth,” said Winters.


Brian Winters, chief technology officer at ECI Software Solutions




“In 2021, ransomware alone cost 20 billion dollars in losses. Previously, ransomware attacks were just a black screen but now it is a full business. They understand how to talk to people, there are call centres, online chats and websites. Ransomware 2.0 is what we are calling this new version. Before they encrypt your files, they download all your files and extort you. Your files have been ransomed but you think you’ll just use a backup, no problem. However, they are going to contact you saying they’ve noticed you didn’t pay the ransom so they’ve downloaded 127,000 files from your system including your list of customers, employee records, etc. It then might be that they increase the ransom and this is why we see so many people pay the ransom. Years ago, only 30% of people would pay the ransom, today it is much higher,” he added.


How do you protect yourself?


“How do you protect yourself? Well, it is really hard. It used to be that we could just put up a firewall, stop all the traffic coming in, keeping it safe and secure. Those days are gone and the most important thing is the incident response. This is where the 1,10,60 rule comes in. This means you are able to detect the event within one minute, you have to respond within 10 minutes and you have to mediate the attack within 60 minutes. It takes just over an hour and a half for the attacker to move from the initial point of compromise to other things in your environment. Turning off the machine gets rid of really valuable forensic evidence. Most of the bad guys will cover their tracks and erase any evidence that they were there. What they cannot do is take away the forensic evidence that sits in the memory. A lot of the information you need sits in the memory, and when you power off the machine you lose all that forensic evidence,” said Winters.

Moving forward, Winters highlights the next steps businesses should take following the attack.

“If you are within the UK you will have to comply with GDPR so if you know for a fact only three customers fell victim, you have to only tell those customers. If you cannot prove that, you must notify every customer on your database. Evidence is important so do not turn off the machine. Studies have found that when you disconnect the machine it causes the attacker to panic, they start mass deleting things out of frustration or spite and it accelerates the pace. What you should try and do is stop it from spreading by taking off the machines that are not infected. 67% of companies have a recurring breach within 12 months because they know how much money you have and how to access your systems. Figuring out how they got in is key. This is why you need to employ a security firm. Identify what your priority systems are, make sure you have backups on them and keep them off site.”


www.buildersmerchantsjournal.net July 2023

