PwC recently carried out a global survey on economic crime and fraud, the findings indicated that more than half of Irish companies have been victims of economic crime in the past two years, an increase from 26% in 2010 and 34% in 2016. The reports also revealed that in excess of 10% of Irish companies that have been the victim of cyber criminals have lost in excess of €4m each over the past two years.
The General Data Protection Regulations (GDPR) came into effect on the 25th May 2018. It is the EU Legal framework that provides guidelines for the collection and processing of personal information of EU citizens. The GDPR specifically states that both technical and organisational measures must be implemented by companies to provide a level of security that is appropriate to the risk of processing personal data.
Resilient Defence were engaged by an Irish based engineering company who were on their GDPR alignment journey. Resilient Defence were tasked to carry out cyber security penetration testing to identify if there are vulnerabilities within the organisation and following that provide a treatment plan for any identified vulnerabilities to mitigate or remove the risks.
The PwC survey findings indicated that, in Ireland, Phishing was the most prominent technique used by cyber criminals.
The company was established in the 1970’s and has been very successful manufacturing and retailing their own specialised engineering equipment and more recently mobile app development. Although small in the number of employees – less than 50, they have global reach.
The challenge is not only about the technical penetration test of servers and websites to detect vulnerabilities to their intellectual property, the real challenge is raising awareness amongst the team and engraining a security mindset within the culture of the company that aligns with the increasing risks of today.
The PwC survey findings indicated that, in Ireland, Phishing (fraudulent emails that are used to trick recipients into revealing data) was the most prominent technique used by cyber criminals in 66% of cases. Technical measures can only mitigate some of the risk associated with this threat, awareness and staff training is key, as phishing emails become more and more sophisticated.
A full penetration test was carried out on the organisation that included the IT systems and the physical security, working from the outside in. Vulnerabilities were identified and exploited. A full report was issued identifying these vulnerabilities and the mitigation measures that the company could act on.
Furthermore the organisations staff were provided with access to our online training platform that utilizes animations to address specific cyber security subjects that include Phishing, Password Security and Ransomware.
The engineering company addressed its technical measures and continue to train staff and make them aware of the cyber risks, they have increased their resilience to attack and can continue focus on growing the business.