Cyber Resilience: Case Studies

Published on: 1st July 2025


The South West Cyber Resilience Centre is a police-led, academia-supported, not-for-profit business. It exists for the sole purpose of making South West businesses, charities, and the public sector safer online. 

The team offers expert advice and guidance to support you and your business needs for staying cyber resilient.  

Here are some examples of what good looks like to keep your organisation safe. 

Case Study 1: Phishing Attack Leads to Invoice Fraud 

The Incident: 

A small engineering firm unknowingly paid a £24,000 invoice to a criminal after their accounts team received a spoofed email appearing to come from a regular supplier. The email looked genuine, including the supplier’s branding and language, and requested a change of bank details for an upcoming payment. The payment was made before the fraud was discovered. 

How It Could Have Been Prevented: 

  •  Staff Training: Regular phishing awareness sessions would have helped the team recognise red flags like unusual urgency or changes to payment methods.
  •  Verification Process: Introducing a simple two-step check for any change in supplier bank details (e.g. calling the known contact) would have stopped the fraud.
  •  Email Security: SPF, DKIM and DMARC email protection settings could have helped reduce spoofed email risks.

Case Study 2: Ransomware Locks Down Manufacturing System 

The Incident: 

A component manufacturer experienced a ransomware attack that shut down their CNC machines and disrupted operations for three days. The initial entry point was traced back to an unpatched remote desktop service exposed to the internet. The attackers encrypted critical design files and demanded payment in cryptocurrency. 

How It Could Have Been Prevented: 

  •  Patch Management: Regular updates to software and firmware would have addressed the known vulnerability used to gain access.
  •  Network Segmentation: Separating operational tech (OT) from office IT networks could have limited the spread of the ransomware.
  •  Offline Backups: Having offline, up-to-date backups would have enabled faster recovery without paying the ransom.

Case Study 3: Compromised Email Account in Supply Chain 

The Incident: 

An aerospace parts supplier unknowingly had their email account compromised for several weeks. During that time, criminals monitored email traffic, then inserted a fake invoice at just the right time — complete with accurate order details. This fooled the customer into making a large payment to a fraudulent account. Trust between the supplier and customer was damaged, and both parties suffered financial loss. 

How It Could Have Been Prevented: 

  •  Multi-Factor Authentication (MFA): Enabling MFA on all email accounts would have stopped the attackers even after the password was stolen.
  •  Monitoring and Alerts: Unusual login locations or mailbox forwarding rules could have triggered an alert if monitoring had been in place.
  •  Supplier Communication Protocols: Clear procedures on how invoices are issued and verified could help spot fraud attempts.
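
As an illustration of the Monitoring and Alerts point above, the following added example (not part of the original case study) flags logins from a country an account has not used before and mailbox forwarding rules that send mail outside the organisation. The event records, field names and domains are constructed for the example and do not follow any particular mail provider's audit log format.

```python
from collections import defaultdict

# Assumption: the organisation's own mail domains (constructed value).
ORG_DOMAINS = {"supplier.example"}

# Constructed audit events; "XX" stands in for any country not seen before.
EVENTS = [
    {"time": "2025-03-01T08:02:00Z", "user": "accounts@supplier.example",
     "type": "login", "country": "GB"},
    {"time": "2025-03-02T08:05:00Z", "user": "accounts@supplier.example",
     "type": "login", "country": "GB"},
    {"time": "2025-03-03T02:41:00Z", "user": "accounts@supplier.example",
     "type": "login", "country": "XX"},
    {"time": "2025-03-03T02:44:00Z", "user": "accounts@supplier.example",
     "type": "forwarding_rule_created", "forward_to": "archive@mailbox.example"},
    {"time": "2025-03-04T09:00:00Z", "user": "sales@supplier.example",
     "type": "forwarding_rule_created", "forward_to": "team@supplier.example"},
]


def find_alerts(events, org_domains=ORG_DOMAINS, baseline_logins=2):
    """Return (time, user, reason) tuples for events that need a human look."""
    seen = defaultdict(set)    # user -> countries seen so far
    logins = defaultdict(int)  # user -> number of logins processed so far
    alerts = []
    # Timestamps share one ISO 8601 format, so string order is time order.
    for ev in sorted(events, key=lambda e: e["time"]):
        user = ev["user"]
        if ev["type"] == "login":
            country = ev["country"]
            # Alert only once a baseline exists, so a first login is not noise.
            if logins[user] >= baseline_logins and country not in seen[user]:
                alerts.append((ev["time"], user,
                               f"login from new country {country}"))
            seen[user].add(country)
            logins[user] += 1
        elif ev["type"] == "forwarding_rule_created":
            domain = ev["forward_to"].rsplit("@", 1)[-1].lower()
            # Forwarding to a colleague is routine; forwarding outside is not.
            if domain not in org_domains:
                alerts.append((ev["time"], user,
                               f"mail forwarded outside organisation to {domain}"))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```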

Find out more and receive your free starter pack: Contact Us | Cyber Resilience Centre for the South West