A WIRRAL director is urging businesses to ‘act now’ in the fight against cyber crime after fraudsters stole £100,000 from the company bank account.
Jonathan Kemp, director of manufacturing business Advanced Electrical Varnishes (AEV) Limited, based in Birkenhead, was victim to a sophisticated computer scam which saw two separate transactions made from his NatWest account to Ukraine and Cyprus.
Although the money to the Ukraine account was quickly replaced, it took the businessman a further four months to retrieve the funds which had gone to an account in Cyprus.
He said: “After what happened to us, I want businesses to be aware of the risks out there.
“There is very much a culture of ‘it won’t happen to me’ but soon we will all know somebody who has been victim to some form of cyber crime – whether it be through financial banking, through opening an email with a virus attached or downloading a virus through an insecure Wi-Fi connection.
“My lifeline through all of this has been working with cyber security company Mitigate whose experts have been on hand to advise us through the steps to take following this major breach which did have a huge impact on our company.”
Through Mitigate Cyber Security, AEV Limited has implemented a number of measures to increase its resilience against future breaches, including identifying potential threats and embedding cyber security into company policies and staff training.
“It is these measures which businesses need to adopt now to prevent something happening to them,” Mr Kemp added.
And support is out there for businesses as AEV Limited received half of the funding for Mitigate’s cyber security measures from the Manufacturing Advisory Service (MAS).
Stephen Robinson, managing director at Mitigate, which has offices in Salford, Daresbury and Lancaster, said: “Cyber security is an issue which is gaining momentum but more businesses need to take steps now to make themselves harder targets in the future.
“Our ‘ethical’ hackers carry out ‘penetration testing’ to detect any major vulnerabilities or ‘gaps in security’ and highlight action needed to mitigate the risks of cyber attack. Cyber attacks
cost the UK economy £27 billion a year currently but this will certainly increase if businesses choose to carry on without putting protection in place.”
MAS advisor Mark Sutherberry said: “MAS has been working with AEV Ltd for many years and were more than happy to help to advise Jonathan following this security breach. Breaches like this can be extremely distressing for businesses – particularly small ones who may not be able to recoup losses and could even be forced into bankruptcy.
“We were delighted to be able to help provide AEV with half of the funding needed for penetration testing which now means the company is as cyber secure as it can be and prepared for these types of threat in the future.”
Mr Kemp added: “Back in the 1960s, we lived in a world where we could leave our doors and windows open when we left the house and clearly this is unthinkable now. The same notion goes for the internet as without security in place, we are wide open to vulnerabilities. We now need to move into a world where cyber security is simply a necessary process and part of what businesses and people do.”
Case study: How the scam happened to AEV
AEV Limited was targeted by a scam which meant that a ‘rootkit’ or concealed programme opened up a fake version of the company’s online banking system.
When the financial controller logged into Bankline – the service NatWest offers business customers – she was told to enter her ‘Smartcard PIN’ which is not normally requested to be entered directly into the internet banking site. Having entered it once, a message came up to say she had entered it incorrectly and requested it again.
Within three minutes, two transactions had been made – $30,000 to an account in Ukraine and another €100,000 to an account in Cyprus. (Equivalent to about £100,000)
Mr Kemp had a battle on his hands to get the money back after NatWest claimed the employee had breached the terms and conditions of Bankline because she had entered the Smartcard PIN online – the bank said it would only ever ask for this to be entered into a card-reader device.
Together with eight other companies, Mr Kemp led a campaign to seek political support through local MPs, including the Rt Hon Esther McVey MP and the Rt Hon Frank Field MP. The representatives collectively lobbied the banks to get the money back for the companies. Around four months after the cyber attack, Mr Kemp finally got the money back, but the experience left him extremely aware of the vulnerabilities that cyber crime poses to businesses – in particular small ones.