Let’s Talk: Cyber Security

A highlight of the Microlise Transport Conference 2025: the Cyber Security Panel. Hear more from the discussion with David Brown, Principal Incident Response Consultant, from NCC Group.

Six out of 10 fleet operators have been impacted by cybercrime

Cybersecurity hit the Microlise Transport Conference stage in a big way – with 60% of delegates revealing that their organisations had been impacted by cybercrime in recent years.

As part of the main stage discussions, we assembled a ‘Cyber Security Panel’ consisting of cybersecurity experts alongside the Microlise CEO, the Chief Information Security Officer from Serco, and Yusen Logistics Europe’s Head of IT Security.

The aim: to raise awareness of cybercrime within the industry and to share experiences and advice to help combat this growing threat.

More of your questions: answered

Amongst our expert panellists we welcomed David Brown, Principal Incident Response Consultant, from NCC Group. A former police detective, David specialises in leading complex investigations and helping organisations respond to and recover from significant cyber crises.

It was great to have David as part of our panel – and even better to hear more of his insights and advice post-MTC. We managed to catch up with David to answer a few more questions from the audience on the day…

Q: Firstly, we had such an overwhelming response to the cybersecurity discussion at the Microlise Transport Conference, what was your highlight?

David: It has to be the general openness of the session, from the whole panel. The more we share, the more people can learn from one another. This openness is what’s helping improve awareness and is ultimately what is making organisations sit up and recognise the importance of protecting their digital assets.

Q: So, to the questions, a great one to start us off – how many attacks, successful or unsuccessful, do you typically see a day?

David: With on average 500 reported and/or identified ransomware attacks monthly, the true number of attacks each day is eye-watering; that’s why it’s vital to be as prepared as possible. NCC Group helps organisations all over the world prevent attacks through the iMXDR solution, and supports many more who have not been fortunate enough to have the right detection tools in place.

Q: Where are these attacks or threats coming from?

David: While the origin of cyberattacks can vary, many ransomware attacks linked to serious and organised crime often originate from Eastern Europe. However, with the increasing threat of insider attacks, organisations should be prepared for a wide range of scenarios.

Q: How do you trace attackers?

David: The identification and tracking of attackers have many aspects. Private sector organisations will use ‘Threat Intelligence’ to attribute certain attacks and indicators of compromise to threat groups or individuals. This includes open-source research, network and host forensics, threat hunting as well as collaboration with law enforcement agencies.

The amount of law enforcement activity globally in recent months is testament to the great work across the industry with people willing to collaborate, supporting the take down of criminal organisations.

Q: How can you prepare yourself, should the worst happen?

David: First you need to start by developing an incident response plan and playbooks to guide your response to an incident. Understanding your environment is crucial; you can’t defend what you can’t see, so asset management and endpoint detection and monitoring are essential.

Staff awareness at all levels is also vital, and awareness training should be integrated into your processes.

There’s some excellent guidance available from the National Cyber Security Centre (NCSC). The Incident Management Collection is a great place to start.

Q: How do you create a culture that ensures everyone owns cyber risk?

David: Integrate cyber into daily operations just like you do with Health and Safety. Everything we do now touches technology. Cyber is a critical business risk to almost every organisation on the planet.

Q: Which one is safer, cloud or on-site infrastructure?

David: Arguably cloud, with continuous monitoring and centralised security; however, it’s not that straightforward, with many things to be considered, including licensing and data privacy. Hybrid options are common but it’s more likely to see organisations move to full cloud solutions in coming years.

Q: What is the best ransomware protection?

David: Defence in depth. There is no one solution that is bulletproof against this type of attack. A multi-layered approach will give organisations the best chance to defend themselves.

Q: Why does it take varying times for businesses to come back online after an attack?

David: This can vary for a number of reasons, from how prepared an organisation is to the availability of backups. And not to mention the size and complexity of the organisation attacked.

The average recovery time is around seven months for an organisation to fully recover; however, this varies. For example, the British Library are still recovering some 18 months later.

Q: We consistently conduct fire alarm drills. Do you think there is a need for mock testing for reactive response?

David: Testing and exercising are essential in your preparedness. Tabletop exercises delivered by industry experts will highlight gaps and identify areas you can improve. Exercising should be conducted regularly to help your teams become prepared for what is something they are very likely to experience at some stage.

Again, the NCSC have some great information on this, including an assured list of providers for exercising.

Q: What are the most common mistakes logistics firms make when handling cyberattacks, and how can they improve their response strategies?

David: Cyber is not specific to any one industry; many organisations are often underprepared with limited training and an insufficient budget to provide adequate security detection and monitoring.

It can be hard for organisations to justify the budget when nothing has gone wrong but once an attack happens the cost is exponentially higher. Being better prepared and more awareness amongst executives would decrease the number of attacks we see on a day-to-day basis.

Q: A lot of the stories you hear are of large organisations being attacked; what advice do you have for smaller companies?

David: The advice is no different: be as prepared as you possibly can within the budget available. Work with a trusted third party to ensure the security measures in place are suitable for your organisation. Threat attackers will not discriminate; they target all businesses, with the majority of attacks being opportunistic.

Thank you, David!

Cyber attacks aren’t going anywhere fast, so we really appreciate your time to keep the conversation going, helping to raise that all-important awareness.

Missed the Cyber Security Panel at #MTC25?

Remember you can catch all the action from the Microlise Transport Conference over on our YouTube channel now.