One of the key topics at this year’s Business Leaders Forum (BLF), sponsored by Columbus, was cybercrime and how strong – or as the case may be, weak – our food defence plans are.
“How many of you have been victims of theft?” One delegate posed to the room. “During covid, there were significant ransomware attacks and every business in the room needs to have a strategy on this.”
The attendee warned of incidences wherein manufacturers haven’t been able to open their gates, where 80 or so facilities have been shut down, where millions have been paid out. One only has to cast their minds back a little way, when meat giant JBS ended up paying $11 million to ransom.
“Criminals are testing us,” the participant warned. “Because when they really go for it – and I’m talking about terrorism now – many businesses will be vulnerable.”
An attendee interjected, as they explained the ordeal of their own business being hacked as a result of weak links in the backup server. “It was absolute hell.”
They continued: “It’s not if you’re going to be attacked, it’s when. We lost records, NPD, everything.”
Another victim stepped forward: “After we got attacked, it fundamentally changed the way we invested in IT and where we kept our servers.”
Apart from server providers, another attendee advised caution around direct links created by automation. “You can have company firewalls in your systems, but when you put a piece of connected kit in that, breaches can happen.”
Another person spoke of phishing attacks – and a murmur of acknowledgement echoed round the room.
Phishing is where an attacker tries to fool you into doing something like clicking on a malicious link. They quite often impersonate someone who works for the business, including the CEO!
“We have invested in cybersecurity and gone through every vulnerability in the business,” an attendee stated, as they advised others to do the same.
“It only takes one click,” they continued. “The vulnerability can come from anywhere.”
“It’s not just your company’s system either,” someone else added. “I lost of several hundred pounds because of the custodian bank had been attacked and they got into an email chain; and they were just changing the account numbers.”
The room was also warned of non-encrypted email providers and advised to check this.
Knowledge and investment are key
In the face of this new threat, a member of the group suggested looking at the national cybersecurity centre. “They have lots of resources. Not ideal for every business but it’s a starting point.”
Fellow leaders were also recommended to invest in cybercrime training and even consider making it a contractual obligation within their companies.
It may seem like a strange time to spend whilst purse strings are tight, but as one participant said: “The industry just has to accept the cost that we haven’t borne historically.”
Another proposal was backing up the systems every night or even several times a day, so that if an attack occurs, systems can be shut down and rebooted.