In the face of a debilitating cyber attack, B&R Enclosures, a Brisbane-based advanced manufacturing company, emerged stronger and more resilient. Chris Bridges-Taylor, the company’s Director, has become an advocate for cyber security, using her experience to help other businesses avoid similar pitfalls.
Eighteen months after sharing the traumatic details of her company’s ransomware attack during an Ai Group webinar, Bridges-Taylor returned to the online stage last week. Joined by Ai Group’s Cyber Consultant, Mark Schmidt, she provided further insights into the lessons learned, highlighting how the attack, while devastating, ultimately led to significant improvements in B&R’s security practices.
“The reason I share our story is to save others from going through the same painful process,” Bridges-Taylor said. “It’s not an experience you want to learn the hard way. The costs are far too high.”
The Attack: A Wake-Up Call
In November 2020, the company fell victim to a ransomware attack that wreaked havoc on their systems. Bridges-Taylor was working out at the gym when she received an unexpected call from the IT manager, who informed her that their systems had gone down and that a cyber attack was likely. Initially, she wasn’t overly concerned, recalling a previous system outage that had lasted several days. However, as the situation unfolded, it became clear that this attack was unlike anything they had experienced before.
“I was in the boardroom on the first morning when we saw a print-out of the ransom note from the attackers,” she recalled. The message revealed that the hackers had encrypted their systems and outlined the demands for payment, warning the company not to involve law enforcement.
For B&R, a 70-year-old family-run business with 400 employees, the attack disrupted nearly all of their operations, including emails, phones, and essential manufacturing equipment. With facilities both in Australia and China, the company faced a colossal challenge. Although they lacked a cyber incident response plan at the time, they quickly implemented emergency measures to keep the business running, such as paying employees without the usual payroll system and restoring communication lines.
Cyber insurance provided critical support, as B&R was assigned a response team to guide them through the recovery process. It took nine months to rebuild their systems and another year to feel as though the attack was behind them.
A Wake-Up Call on Cyber Security
Bridges-Taylor’s company discovered that the attack followed the “cyber kill chain,” a well-known sequence of stages that cybercriminals use to infiltrate a system. Despite having multiple security measures in place, B&R learned that the attackers had gained access to their network months before launching the attack. Small warning signs went unnoticed because the company lacked a security event monitoring system, which could have detected the intrusion earlier.
The attack revealed the industrial-scale nature of cybercrime, with multiple parties involved in the breach: those who identified vulnerabilities, those who surveyed the systems and dropped malicious payloads, and the extortionists who executed the ransom demands.
The Role of Compromised Credentials and Patching
The attack also underscored the importance of safeguarding credentials. Research shows that compromised login details are the second-most common cause of ransomware attacks, often due to phishing scams or malicious software. Schmidt emphasized the importance of multi-factor authentication and discouraged storing passwords in browsers, even if platforms like Chrome or Microsoft claim to secure them.
Additionally, a significant portion of cyber attacks stemmed from missed software patches, which can leave businesses vulnerable to exploitation. Schmidt urged companies to implement automatic patching systems, noting that hackers are exploiting vulnerabilities at an increasing rate. Regularly updated software is essential to safeguard against breaches.
Ransomware’s Evolving Tactics
Ransomware attacks have evolved in recent years. While the traditional model involved encrypting data until a ransom was paid, criminals now often steal data before encrypting it. This additional step allows them to extort not only the company but also its customers and suppliers.
A global study on ransomware incidents revealed that the manufacturing sector was particularly vulnerable, accounting for over half of all ransomware attacks. The average financial loss from such incidents has surged, from $686,000 to $3.7 million in the past five years.
To Pay or Not to Pay?
When it comes to ransom demands, the decision to pay is not straightforward. Schmidt pointed out that healthcare providers, for example, may feel compelled to pay a ransom if it can prevent significant harm to patients. However, Bridges-Taylor cautioned against supporting cybercrime by paying ransoms, encouraging businesses to invest in robust cyber security measures to avoid reaching that point.
The Need for a Cyber Incident Response Plan
The attack highlighted the importance of having a pre-established cyber incident response plan. Schmidt stressed the need for businesses to develop such plans before they are targeted, so they are prepared to act swiftly when an attack occurs. While B&R had no formal plan in place at the time, their quick response helped mitigate the damage.
“It would have been much worse if key people had been away or if we were overseas,” Bridges-Taylor said. “Having a plan in place is crucial for managing the crisis.”
Preparing for the Inevitable
Both Bridges-Taylor and Schmidt emphasized that cyber threats are not reserved for large corporations or high-profile targets. Small businesses are just as likely to be attacked, and assuming one’s business is safe because it has basic IT protection is a dangerous mindset.
As Schmidt put it, “Cybersecurity is like going to the dentist—you know you need to do it, but you put it off until it’s too late.”
Practical Tips for Cybersecurity
Bridges-Taylor and Schmidt offered several key takeaways for businesses looking to improve their cyber resilience:
Schmidt’s Recommendations:
- Enable multi-factor authentication across your organization
- Use unique passphrases instead of common passwords
- Regularly update and patch software
- Minimize the use of administrative rights on computers
- Back up data to offline storage
- Implement strong email and web filtering systems
Bridges-Taylor’s Advice:
- Identify and protect your most valuable data and assets
- Implement procedures to prevent scams, such as business email compromise
- Foster a cyber-resilient culture within your organization
- Develop a formal cyber strategy
Continual Learning and Resilience
Reflecting on her experience, Bridges-Taylor acknowledged the importance of ongoing education in cyber security. “You can never stop learning,” she said. “Building resilience is an ongoing journey, and we have to stay one step ahead of the criminals.”
Her company’s experience serves as a powerful reminder that while cyber attacks can be devastating, they also present an opportunity for businesses to strengthen their defenses and grow stronger in the face of adversity.
Related Topics:
The Critical Role of AI Prompt Engineering in Modern Business
Livestock Law Set to Transform Vietnam’s Animal Farming Sector
