SYTECH Consultants, the leading cyber security and digital forensics expert, calls on businesses working with high volumes of customer data to prioritise cyber security, following a large-scale cyber attack affecting a spate of well-known companies.

In light of the occurrence, which saw hackers target Snowflake, a third-party cloud storage data company working with large firms such as Ticketmaster and Santander, SYTECH has issued guidance for businesses to support them in remaining vigilant.

Mark Wilshaw (pictured above), Cyber Security Services Manager at SYTECH explained: “In the current digital age, cybersecurity and awareness are critical for businesses. While attackers continue to use the same methods to gain access to data and the level of breaches remains consistent, we are seeing a heightened focus on the value of the targeted data, largely focusing on where it is stored. 

There will likely be an uplift in the number of cloud services which are compromised as ultimately, that’s where the value is in terms of the data held. In this instance, the cloud storage provider Snowflake was the initial target of the breach, however, the attack has had a much wider impact affecting several companies and millions of customers.”

Mark went onto say: “To mitigate the risk of these attacks, considering the supply chain in security is key and supplier evaluations can prove invaluable. When working with third-party cloud-based suppliers, question the data protection process in place –  for example, do they adhere to the ’14 cloud security principles’ issued by the National Cyber Security Centre to ensure that data stored and processed in the cloud is done so as securely as possible?

General staff awareness training can also bolster the security of customer data. Key areas to cover should include password management guidance to advise how to select strong passwords and keep them safe, social engineering awareness to determine how to spot if someone is attempting to obtain sensitive information via social engineering (e.g. calling the office pretending to be IT and asking for passwords), and phishing awareness training to recognise the telltale signs that an email is phishing. In addition, phishing assessments could also be carried out to test team members on their ability to spot phishing emails.

He concluded: “Another aspect to consider when holding data is the access to that data; often, single-factor authentication does not offer the required level of protection and all sensitive accounts should be protected with multi-factor authentication to give a heightened level of protection.

Significantly, further opportunities to enhance cyber security come from undergoing and achieving relevant certifications. For example, the government-backed Cyber Essentials scheme not only helps to protect organisations against some of the most common cyber attacks, but also provides reassurance to customers that the business is taking a proactive stance and that all precautions to protect and minimise digital risk have been taken.”

From its offices in Stoke-on-Trent and South Wales, and established in 1978, SYTECH provides all aspects of digital forensics and cyber services (Cyber Essentials, penetration testing etc), consultancy and training, for national public sector organisations and major blue chip organisations. 

Predominantly working on behalf of the Criminal Justice System, and associated stakeholders, the company maintains a highly experienced, multi-discipline team of Professional Expert Witnesses and Analysts, who each specialise in complementary areas, working to understand the unique requirements of each business.

SYTECH is accredited under ISO 17025 and Forensic Science Code of Practice and Conduct (FSR-C-100), and certified for ISO 27001, ISO 9001 and ISO 14001.  SYTECH delivers consultancy and on-the-ground training support services for businesses striving to achieve ISO/IEC 17025 Quality Standards. 

With nine years of testing and calibration laboratory experience, and having secured the rigorous accreditation themselves, the experienced consultancy team can assist laboratories and businesses to achieve the accreditation – and maintain their status thereafter.