How Rybec Group Can Help  

Below are real world examples of the risks we can help you manage and the benefits we can deliver to you and your business 

Cyber Awareness Training & Education  

We delivered a cyber awareness in social media course at the UTC Scunthorpe which was delivered to over 60 Students and educated them on the dangers of social media and the info you can gather from simple social media profiles. The students were set a task of coming up with innovative ideas to try and keep people more safe in the cyber world. 
 
We have also delivered STEM days to Hull schools around cyber security as a career pathway and what cyber security looks like. 

Data Breaches  

A medium sized local business suffered a ransomware attack were they lost all their data, customer records, financial data, supplier details. There was no key for the ransomware and the attackers were asking for £600,000 in Bitcoin payment. 
 
The company had no back ups that were not encrypted in the ransom ware attack. After investigation it was found that the malware had been installed 3 years previous when the company was quite small from a phishing email clicked on by staff. The malware had been watching and sending data for the 3 years to the criminals who were waiting for the company to grow enough that they thought they would get the ransom paid. 
The company only survived the incident due to owner having reserve funds. If we had been working with this company this would have been less likely to have happened. Staff training around mailcious emails, correct air gapped back up systems, network monitioring software to notice unusual activity sending data out are all things we would put in place. The company also had no cyber insurance which may have helped in the situation which can be obatined free if the company does the cyber essentials certification. We can help any company get the certification. 

Ransomware Attacks  

A small company suffered a ransom ware attack, they were lucky that some of their network was disconnected and the incident only affected 30% of their machines. On investigation it was remote access that had been granted to the company secretary to work from home which was not configured correctly and she had clicked again on a malicious email. 
 
Staff training on how to recognise the maliciious emails and correctly configured remote access with firewalls would have reduced the incident likelihood and saved the company money in not having to deal with reduced capacity. 

Data Loss & Malicious Activity  

This company suffered a data loss as an suspected ex-employee deleted all the data from the cloud when they were dismissed. 
 
There was no back up. The company had failed to remove the ex employee's profile from the access control on them leaving the company thinking that any mailicous activity can be traced. The police were not able to trace who caused the damage as they used the dark web to hide their activity and had used the admin login to gain access to the cloud. The company had shared the admin log in with most of the office staff and had not properly controlled the access control. They lost over £300,000 in sales alone. 

Staff Access Malicious Activity  

A large East Yorkshire based company on acquisition of another company failed to change the access control for the email and web servers. The old company staff when dismissed changed the email servers and stopped the company receiving emails and contracts for over a week. The seas estimated to have cost the company well over £100,000. 
 
If we had been working with them at the time we would have ensured that the access control was locked down and the emailer server supplier fully aware of the situation. Using 2FA or MFA would have possibly prevented this if set up correctly. 

Company Fraud  

A local company did not do regular auditing of assets and income. A member of staff left the company and they did not know they still had a company laptop. The member of staff continued to log in to company accounts and kept paying themself. The company did not realise for 9 months until the accounts team picked it up. 
 
If they had a proper asset register and had proper access control this would not have happened. Building a proper assest register and keeping track of asset is key to the security of a business. Staff profiles should deactivated on the day they leave. 

Book a consultation 

To find out more about how we can assist your organisation or school to become more resilient and raise awareness on preventing cyber-attacks from occurring, get in touch on 07368 932 467 or 07814 964 778 or use our contact form to book an initial consultation. 
 
GET IN TOUCH
Cyber Management Alliance - Cyber Incident Planning & Response (CIPR) 
Certified in Cybersecurity (CC) 
QA Cyber Foundation Trained and Certified 
ISO 27001 Lead Auditor - Information Security Certification 
QA NPCC Cybercrime Foundation 
Certificate Information Security Management Principles 
Our site uses cookies. For more information, see our cookie policy. Accept cookies and close
Reject cookies Manage settings