This case study is part of a series from K3 Cloud, Hosted and Managed Services (K3) that focuses on the cyber scares and cybersecurity vulnerabilities plaguing British businesses of all sizes and in a wide range of industries. It aims to throw light on just how common and large in number serious cyber security issues are in the real world and help you to understand how to better protect yourself. Of course, sharing your cyber vulnerabilities with the world isn’t recommended, so we’ve kept our client’s name anonymous for safety and security purposes.
In recent months, this business in the machining and manufacturing industry had been the target of hundreds of attempted hacks. Despite working with a security provider, they remained in a state of ongoing vulnerability due to unsatisfactory and ineffective resolution measures. Knowing that cyberattacks rose by 40% from 2018 and cost businesses £11bn annually, the company didn’t want to take any financial or operational risks, so they chose to move away from their incumbent.
The business sought the help and expertise of K3 to give their entire IT estate a thorough cybersecurity health check. With cybercrime victims paying such high prices – profit reduction, reputational damage, market position and potentially even fines, loss of employment and (in extreme cases), closure, it’s critically important to get under the hood and identity every weakness in meticulous detail.
The K3 team jumped into action with our Cybersecurity Health Check, which included:
- Scanning the client’s IT infrastructure and analysing their network for weaknesses from both internal and external attacks
- Meticulously reviewing results, even the tiny details
- Laying the client’s cybersecurity health care with a clear report, including a risk score and critical areas of vulnerability
- Recommending remedial action and changes in helpful, straightforward language
Issues and cyber scares discovered
Our Cybersecurity Health Check uncovered a concerning number of critical issues, and upon sharing with the client, they immediately decided to work with us to implement fixes. K3 identified the following risks:
- Business credentials found on the dark web, including the Managing Director’s details
- Unrestricted external access to business-critical equipment including the premises security system, due to open ports
- This system was the target of those several hundred attacks we mentioned earlier. Each time an attack was attempted, external access was temporarily disabled, and the building had to be manually checked on a nightly basis
- Unrestricted internal access to sensitive information such as payroll and HR directories
- No Active Directory administration, which meant that former staff still had access to network resources
- No password complexity policies or account lock-out following incorrect password entries
- No automatic lock-out of accounts after incorrect password entries.
- Wireless password matched the domain administrator password and as such, anyone could log on to the domain as an admin
- Anti-virus wasn’t installed on all machines
- Patching wasn’t configured on some business-critical servers
Now the client and we knew what we were dealing with exactly, we could help strengthen their business from the foundations up. Taking a holistic and tailored approach to cybersecurity meant that the client could mitigate risk across the entire company and be protected against current, new and emerging cyberthreats. Using the very latest technology and bespoke infrastructure, we achieved the following outcomes for the client in just ten service days:
- New Highly Available Active-Active SonicWall pair implementation, which included:
- DPI SSL
- Content filtering
- Gateway AV
- Locked down ports
- Implemented a new managed network
- Rectified the issues discovered during our health check using managed service best practice
- Network-wide account resets
- Additional Anti-Virus sales
“Before we met K3, we were operating at an unacceptable level of risk”, says the client. “This was becoming overwhelming, and we weren’t certain what steps to take next. The findings of K3’s Cybersecurity Health Check were, admittingly, terrifying. But we welcomed that our vulnerabilities were laid bare as we could now, with K3, form a plan of attack that ensured both the immediate and long-term stability and protection of our business”.
The client continues. “With this new visibility and our critical issues resolved, we can also now accurately budget for essential IT and cybersecurity work and be proactive, rather than fighting metaphorical fires. Thank you to all at K3 involved with making these changes happen”.
If you need expert help protecting yourself against the growing threats of cybercrime, contact K3 Cloud, Hosted and Managed Services to arrange a no-obligation cybersecurity health check. Just contact our K3 experts on firstname.lastname@example.org or 0844 579 0800.