Hack Attack @ The Guildhall

Following the success of our sell-out Hack Attack at Hull C4DI this summer, we thought we’d bring it a little closer to home and decided upon the beautiful city of York as our next location. We teamed up with Mike Pennington from Made Smarter, who supported the whole event, and police-led North East Business Resilience Centre (NEBRC) who we partnered with previously in Hull.

On the morning of Monday 23rd October, we headed into the city and prepared the Guildhall to welcome our guests. It was a nerve-wracking lead up to the day as storm Babet had been working its way across the UK in the few days prior, causing devastation and flooding in many areas. Fortunately for us, York remained largely untouched aside from a slight rise in river levels along the Ouse and we were good to go!

The magnificent Guildhall began to fill and before long was packed with over 50 business leaders from across the York area, ready to learn more about the world of cyber security.

After a brilliant introduction by Made Smarter’s Mike Pennington, Punk Security’s Daniel and Simon took to the stage and began setting the scene of the attack. During this first part they showed how the attacker found a way in, along with other potential scenarios businesses may face. By the end of part one, the environment had been breached and the attacker was in! This was great place to take a pause and hand over to Detective Inspector Martin Wilson from the North East Business Resilience Centre.

Martin provided an eye-opening insight into some of the cyber crime the constabulary have seen over the last 6 months, including case studies and trends in our area. A particularly hard-hitting case they had responded to was a primary school in the region who had a large amount of sensitive pupil data stolen. Such a truly awful situation for all involved. A fantastic presentation, that really highlighted how important it is for everyone within an organisation to take responsibility for cyber security, and what can happen when things don’t go to plan.

Following Martin’s talk, the Punks returned to the stage and the scenario, where things quickly developed into a full-blown cyber-attack. The attacker had successfully gained access through a phishing email sent to an employee and had proceeded to encrypt the organisation’s data, holding the business to ransom. The targeted business was now faced with a decision… to pay the ransom? Or not? If they do, how can they be sure they will indeed have their data returned? If they don’t pay, how do they get it back?

dO nOt PaY tHe RaNsOm

The advice given by most professionals and the police is always that if you find yourself in this position, do not pay the ransom.

There are many reasons why, not least because of the fact that doing so further motivates and supports criminals to carry out these attacks. Paying a ransom does not guarantee you will be given access to your data and once you do pay a ransom, you have proven you are a worthy future target. There is also the huge consideration that these attacks are carried out by organised criminal groups. What kind of criminal activity is your money funding if you do pay them? Cyber-crime isn’t the only thing these groups get involved in…

The final stage of the demonstration showed how the affected business responded following the incident and began the recovery process. This highlighted the importance of resilient backup procedure and storage, the need to inform the ICO and to have a strong incident response plan to prepare for future incidents

A testament to the engagement and interest of the audience was the quality and number of questions presented to the speakers during the Q and A session at the end. The questions continued throughout the networking lunch, with the NEBRC and Punk teams getting the opportunity to provide support and advice specific to the wide range of businesses in attendance.

Ransomware Readiness Audits

We understand that it can be difficult to know where to start when trying to ensure your business is secure and you are as prepared as possible to deal with any potential incidents. Our Ransomware Readiness Audit is designed to help organisations identify both their strengths and areas that need to become more resilient to put you in the best position to fend off and deal with potential threats, ransomware in particular.

Get in touch on 0161 660 3545 to find out more!

Thank you to everyone who joined us on the day! We hope you learned something new and have been inspired to ask more questions about the cyber resilience of your business. If you would like to speak to us about hosting a similar session for your organisation, please email [email protected] or contact Melissa on 0161 660 3545.

Special thanks go to our colleagues who presented alongside us and the team at the Guildhall for making the morning go as smoothly as possible.

For more information, email us at [email protected] or call us on 0161 660 3545