Specialists in Risk Management for Manufacturers, Gallagher, gave some interesting yet freighting insight into how easy it is for hackers to access data this week. 20+ of Made in Group members joined the workshop, via video application Zoom, to see a demonstration of how hackers get in and a journey to the deep dark web.
Hosted by Johnty Morgan, Cyber Risk Specialist from Gallagher, the firm gave an insightful presentation on the potential risks manufacturers face regarding cybersecurity. Taking place on Wednesday 7th October 2020, one of the most interesting aspects of the presentation was how hackers access data. Most surprisingly, hackers don't even need to access the dark web to do this.
Since the beginning of the Covid-19 pandemic, many businesses were urged to allow staff to work from home. Six months into the pandemic there are still many businesses in this position, including office staff from manufacturing firms.
“Working from home poses massive threats to cybersecurity, due to less likely being protected by corporate software.” Explained Johnty, Cyber Risk Specialist.
He continued: “I would say 60-70% of the companies I deal with are manufacturers. This is due to how you guys make money. If hackers are able to shut down the shop floor, they know you would more likely be in distress and therefore likely to give your money away.”
To get this kind of access, many hackers use the dark web, which is easily accessible, once a particular browser or agent is downloaded. In the cybercrime world, this is an attractive proposition to criminals due to the high risk of not getting caught. One of the factors of this is the fact that the dark web will constantly change the users IP address, which is where they are located in the world. Johnty said:
“The dark web is as easy to get to as BBC news once the user downloads this particular browser for the dark web.”
However, most shockingly for members, there are a number of public domains out there that allow hackers to access IP addresses and all remote desktops if they have the right credentials to access a company's industrial control systems.
Many businesses now use a cloud-based system to store their data e.g iCloud or Google Drive. Hackers are able to use a deep web scanning tool to discover passwords for such data, including email addresses, in order to hold companies, Ransome. This act is called a credential stuffing attack.
Gallagher closed the presentation by offering their free consultation services exclusive to Made in Group members. The firm is able to conduct an open-source investigation on a company’s email addresses to see if there is any data about it on the internet. Johnty concluded:
“The biggest takeaway I would like you to take away from this presentation is that username and passwords are very vulnerable. You can strengthen these by including multi-factor authentication to your logins.”
If you would like a free consultation from Gallagher, contact the Birmingham office on 0800 062 2340.
Want to watch the event? Login to your microsite and head to “Virtual Events - Past Events” to find the video. Here’s a video on how to get there if you aren't sure.