The team from Mirus were Paul Tomlinson MD, who was attending to gain an understanding of the changes in industry trends and to take part in the day educating other MSP professionals. Dan Sharp was hoping to discover if any solutions may be appropriate for our customers to help reduce risks in their business. Mark Van Gemert also attended, Mark helps define the IT Strategy for our customers and he wanted to understand the changing threat landscape to ensure the strategic advice he offers is fully aligned with industry changes.
The Darknet and the Future of Cybercrime
We began the day with Jamie Bartlett the author of the Dark Net , who provided an overview of the DarkWeb including its origins and the various legitimate and illegitimate uses of the web. Jamie delivered an amazing presentation demonstrating how easy it is to access goods and services via the DarkWeb. What really seemed to strike a chord with the other MSP’s in the room, was the ease at which a typical IT user could buy a DIY Ransomware kit, which then allowed them to build a Ransomware campaign which could be targeted against a specific mailing list! The cost of this solution is probably less than most people would spend on a meal for two, yet it could potentially generate tens if not hundreds of thousands of pounds in ransomware payments.
Jamie’s presentation also provided the attendees real food for thought, the most successful phishing campaigns we see are ones which are very targeted, convincing the receiver they’re genuine as they reference things people are familiar with, or tools which they may use every day. With the ever-increasing computing power and the advances in artificial intelligence and machine learning, Jamie suggested that in the future, these technologies could be used to learn about potential phishing targets and drive targeted campaigns on a large scale very easily, as there’s very little that technology will be able to do to stop such targeted attacks. The focus to counteract these powerful cyber-attacks is going to have to be on educating end users on what to look out for.
The elusive cyber criminals, “Who, What and How"
Charlie McMurdie was next to take the stage, Charlie has extensive experience with the police force dating back to 1981, and more recently within PWC working leading their Criminal Cyber Security division. Charlie did an excellent job of running us through some of high profile attacks that have occurred over the last few years including some interesting nuggets about the way cyber criminals behave when they are caught. Believe it or not, unlike regular criminals who seem to opt for “no comment” type interviews, Charlie explained that Cyber-Criminals love to talk about their accomplishments, are very proud of their crimes, which makes the polices job a little easier.
Charlie confirmed that users really are the biggest threat to businesses, as advances in cyber prevention technology are able to assist with prevention of cyber crime but human error is the biggest cyber risk. For example, engineers neglecting to reset default passwords is a common vulnerability and users clicking on unsecured links cause even more problems for the user base.
The Real Risk of Ransomware
Our next presentation was from Tim Jeffcut from Datto who delivered an excellent presentation with a live demonstration of a ransomware infection. This clearly demonstrated the impact that ransomware has on a device and how quickly it will infect isolated machines with well-known ransomware (WannaCry and Cryptlocker). For many IT professionals we don’t see the actual process of the infection as we are generally called in after the infection has taken place. It was very interesting to see the speed at which the infection took hold, so quickly that Tim ended up encrypting some of the content he planned to share with us. Tim confirmed that the trend for Ransomware infections was increasing, although many MSP’s in the room agreed that whilst the volume of attempts may be increasing the successful ones are being reduced as the technology to protect our IT environments is improving.
Cyber Crime and their lessons for CEO's of SME's
After lunch the London Digital Security were up and the shared the great work this not for profit organisation does alongside the Police and the Mayor of London, if you are a small business in London or the surrounding area and you want some help with the basics of cyber security then you really should check out their website and consider joining.
MSP Panel Moderated by Jamie Bartlett
The day ended with a panel discussion moderated by Jamie Bartlett with our Managing Director Paul Tomlinson and four other industry professionals sharing their views of the day with the audience. It was interesting to see that all MSP’s agreed security is an ever-growing concern and that we need to encourage SME businesses to take a more mature approach to cyber security to not only help them remain GDPR compliant, but also to protect their business. The key take-aways highlighted by the panels for SME’s were:
- Invest in Cyber Essentials to make a first step on your GDPR journey
- If 2 Factor Authentication is available on a system, then ensure it’s implemented (both at home and work)
- Train users. The user base is mostly the weakest and the last line of defence. Regular cyber security training will help protect SME’s
- Ensure everything valuable is backed up regularly, regardless of how careful companies are, in this cyber age, we simply cannot predict what could happen.
Mirus would like to thank the sponsors for putting on the Cyber Security Event as the entire team enjoyed being part of this educational and informative day.
If you are concerned about your teams ability to spot a phishing email and where they fit in to the Cyber Security picture, you can TAKE A FREE PHISHING TEST FOR END USERS WITH MIRUS IT.
The three pillars of Mirus are:
Delivering outstanding service.
Offering strategically successful solutions.
Providing consistent customer satisfaction.