Under attack

Nine months after being hit by a ransomware attack, Emplas has achieved Cyber Essentials accreditation. We report.

Imagine you’re running (or maybe you are running) a large-scale fabrication business. It’s a night shift during a home improvement boom in the middle of a global pandemic.

At around 3.30am, one of your key manufacturing workstations starts to shut down. The factory team flag it and call in the IT engineer. At this moment it’s nothing more than an inkling that something isn’t right.

The IT engineer responds, running diagnostics. And then it hits – you’re under attack. Your systems have been infected, a virus is trying to penetrate your servers, and your business is about to grind to a shuddering halt.

“It was March last year [2021],” explains Stuart Chadwick, Head of IT, Emplas. “We think the origin was someone plugging an Android phone into their laptop to charge it. That was where it started.”

“It hit very quickly what was happening. The factory floor had responded brilliantly. They’d raised what was happening incredibly quickly and they and the responding engineer had shown incredible professionalism in how they’d reacted.

“The fact that we were there, that we caught it early, meant that we were able to minimise the impact. Even so, we lost 24 hours’ production at a time when we were very busy – but it could have been much worse. We could have easily lost two weeks’ production.”

Ransomware attacks are big business, as a number of window and door companies have found out to their cost. It takes only the slightest breach in IT security for systems to come crashing down, with every piece of data and every piece of software encrypted by criminals, who then charge a release fee – often running to hundreds of thousands of pounds.

Stuart continued: “It was quite a sophisticated attack. We believe the virus was rolled out a couple of days before triggering the payload, giving it time to penetrate some of our systems – but not all of them.

“We brought in our team and, supported by external consultants, we were back online by 5pm that same day, despite having lost most of our servers, but then there was a much bigger clean-up of all PCs, trying to mop up any remaining vulnerabilities.

“It was still 24 hours that I’d rather not relive. It doesn’t take much to imagine the whole team running around the building telling people to stop opening up their systems and shut down!”

In post for less than six months at the time of the attack, Stuart led a major review of Emplas’ IT infrastructure. “We weren’t any worse than anyone else but from a security perspective we weren’t as strong as we might have been, and the senior leadership team fully supported the proposals.”

This prompted a major review and investment programme, including a quarter-of-a-million-pound spend on a new network, servers, firewalls, backup arrangements, cloud storage and, perhaps most importantly, cultural change.

Emplas also went down the route of Cyber Essentials accreditation. A little like Secured by Design, the scheme encourages cyber security best practice, requiring the companies it accredits to demonstrate that their systems are robust and tested, with certified companies cutting their risk of cyber-attack by 98.5%.

“Everything has been rebuilt from the ground-up. It’s new. Every server, every computer is running current anti-virus software, the latest versions of software and all the latest patches,” Stuart says.

“The cultural change has been equally as important. We have far better password discipline, two-factor authentication, automatic locking of computers. Colleagues now constantly demonstrate alertness to threats such as email attachments etc.

“It’s about striking a balance between not inconveniencing people or putting things in the way so that IT becomes an obstacle versus the need for high levels of security.

“Putting in certain controls might put in a small extra step for users, which I get they might not always welcome, but which means our security as a business is less likely to be compromised.

“For example, now once every 60 days staff have to reset their password. It’s maybe 60 seconds lost every six weeks.

“Whenever they log into a new machine, as well as their ID and their password, they also need a two-factor authentication code from their mobile phone.

“It inconveniences them for literally 20 seconds, but these small cultural changes and new processes massively improve security.”

This is so important for Emplas because the strides forward that it has made as a fabricator – its customer portal, EVA, and the digital support it offers, from 24/7 ordering to real-time updates on production – are founded on its IT infrastructure.

“We can recover our entire business within 24 hours. We back up to the cloud regularly, while we have tried to get our critical systems to a point of recovery of less than an hour and as little as 15 minutes,” Stuart continues.

Emplas employs a team of six developers, two of whom are focussed solely on supporting EVA, its customer portal, plus a dedicated team of three infrastructure specialists with a remit for security.

“That’s a learning point for us. If people have lots of different responsibilities, things don’t always get the focus they need, and you can’t afford for that to happen.

“Having dedicated resource has delivered a step-change in how we approach IT security, that’s not only infrastructure but culture.”