Contract Flooring Journal (CFJ) the latest news for flooring contractors


Simple steps you can take to combat cyber crime

Did you know that manufacturing, production, distribution, and sales consistently rank in the top five sectors targeted by ransomware? Mark Saville, director at Data2Vault, gives us the lowdown.

Supply chains provide an ideal hunting ground for hacking gangs. Links between companies exchanging orders and invoicing using email and running online accounting and stock systems all become vulnerable if one company in the supply chain gets breached.


The impacts of cyber crime are increasingly financial and are no different to the more familiar types of crime that could seriously damage your business. Think in terms of theft of goods, theft of money, or fraud. How do you prevent and minimise these within your company, compared to preventing cyber crime?


For companies that are built on and rely on repeat business, suffering a cyber crime can be devastating, affecting both customers and suppliers alike, and in some cases causing the business to fail altogether.


The hacking gangs that carry out cyber crime are international and very sophisticated. Most are criminal gangs, but some nation states like Russia, Iran, China, and North Korea use cyber crime to fund terrorism. They use automated software tools and malicious code (malware) to bombard, infect, and breach IT systems, Cloud services and user devices like laptops, mobile phones, and PCs.

The triple extortion threat
Over the last few years the most common cyber crimes have fallen within a pattern called triple extortion, where the company suffers one, two, or three of the extortion techniques that the hacking gangs use:

  1. Invoice fraud
    Occurs when the email accounts of directors, finance teams, or accounts personnel are breached, and valid invoices are re-presented and re-routed for payment to a fraudulent bank account set up by the gang.
  2. Ransomware
    Once a network or cloud service is breached by a hacking gang, malware is used to infect files. This malware spreads automatically over a period of months infecting millions of files and in turn these infected files are then stored in the backup system. Some months later the malware detonates, every infected file becomes encrypted and cannot be accessed. The hackers demand a ransom in Bitcoin or other crypto currency for the release of the keys to decrypt the data. Payment does not guarantee the keys will be made available and could breach funding of terrorism legislation, resulting in company directors facing criminal investigation.
  3. Exfiltration of data
    During a breach hackers look for confidential data – it can be in databases or file systems, containing customer, financial, or business sensitive information. They copy the data out to cloud storage and then encrypt the source files so you cannot check what has been stolen. The hackers demand a ransom, or the files will be published online. Paying the ransom does not guarantee that you get the data back, or that the data will not be published.

In each case your internal IT team or IT service provider can try to remediate the breach, but unless they are skilled in cyber forensics and incident response they could make the situation much worse for you.

Many business owners believe cyber crime will never happen to them, or that if it does their cyber insurance will cover any loss, but insurance is getting more expensive and contains an ever-growing list of exclusions as the market seeks to stem the growth in claims and pay-outs.

As Ciaran Martin, the recently retired CEO of the National Cyber Security Centre (NCSC), said, there are only two types of organisations:

    Those that have been breached, know about it and are remediating it

    Those that have been breached and do not know it yet

In most cases we find that a number of basic cyber protections are already in place but are often poorly maintained, e.g. firewalls, anti-virus, email scanning, and email filtering. In addition, it’s essential to make sure system patching is operational, and multi-factor authentication is set up on every user account, including administrators, as these steps help shut down vulnerabilities that hackers regularly exploit.

We know from our experience that cyber-related budgets are constrained, until there is a breach. So where should you start in taking steps to combat cyber crime? There are two areas to consider: cyber prevention and resilience.

Cyber prevention
Cyber prevention focusses on stopping a breach. In addition to the short list above it should also include:

  1. Draft a cyber incident response plan to identify and document the roles and responsibilities in the company’s response to a cyber incident. The plan will typically include staff from both inside and outside the company, as expertise is required.
  2. Conduct regular cyber maturity assessments to check for vulnerabilities, to create security baselines, and to ensure prevention measures are evolving in line with the latest cyber threats.
  3. Add malware detection to identify zero-day malicious code which is undetectable by traditional anti-virus technology.
  4. Add a security operations centre (SOC), a cyber security service that monitors all of the key IT assets in the company and across cloud services that are in use. The SOC would detect and alert on attempts to breach the company systems and if a breach occurred it would trigger a response according to the cyber incident response plan.
  5. Supply chain vulnerability intelligence is a service that constantly analyses the cyber vulnerability of the key organisations in your supply chain. An example may be if username/password details from a supplier appear for sale on the dark web you would be alerted.
  6. Look at automated network segmentation. Malware that causes ransomware spreads silently, moving by design across a network or within a cloud service, infecting files that it comes into contact with. Automated network segmentation detects the lateral movement, isolating the malware and the systems that have been infected.

Cyber resilience
Cyber resilience focusses on minimising the disruption caused by a successful cyber attack and getting the company back up and running with the minimum of distress. These services include:

  1. Data backup, but be sure to provision a backup service that scans data during backup and during recovery for zero-day malware, or you will create attack loops of ransomware infection and re-infection.
  2. Disaster recovery infrastructure – if the original IT systems are completely non-serviceable during the cyber incident response, then you would need access to a DR infrastructure (this could be a secondary site or cloud systems).

So where do you start to find out if your IT systems are secure or have been breached and your confidential data has been compromised?

A cyber maturity assessment is a good start – just make sure it is carried out by someone independent of your internal IT team or IT support provider, as they may have something to hide.

www.data2vault.com
0333 3442380
Facebook: Data2Vault
Twitter: @Data2Vault
LinkedIn: Data2Vault