Blog
21. May 2026

Cyber Security exposures are sometimes obvious.

Not all cyber security threats are Ai driven or even originate externally. Many risks revolve around the basics. There are simple hygiene processes to which all businesses need to be alive. 

Several years ago, I started supporting a business to find, within just a few short weeks, that it had suffered a major corruption of its databases. Highly sensitive personal data was at risk and potentially lost. 

A series of internal drives including databases had been deleted meaning the business could not operate. Simply everything ground to a halt. The collateral impact was potentially awful as this cost the business revenue and interrupted critical customer service. Basic finance processes including payment of staff and key suppliers were put in jeopardy. 100’s colleagues were idle and unable work. Without a rapid recovery the business would be on life support.  

We quickly mobilised an investigation. The investigation group included amongst others the CEO, CFO and Director of Technology. We had to eliminate a series of possibilities. The key objectives being to understand (i) the root causes and (ii) get the business back into a live state as a matter of urgency. Without understanding the root causes we risked it happening again. 

Within just a few hours we identified that a malicious actor had manually deleted the databases rather than malware being deployed onto the system. This was a relative relief. Following on, we deduced that a very disgruntled employee had left the business but retained password access. They had decided to seek their revenge by deleting business critical data. Whilst this was a criminal offence, it would not help the business recover quickly. But at least we knew the root cause and could quickly ehance processes to reduce future risk once back live.  

Whilst basic password control & closing network access for departing employees was absent, in this case, the business did have a robust recovery process and was fully back up & running within 48 hours. But the security attack was crude and could have been much worse if malware had been deployed or the disaster recovery process had proved fallible. 

But we did not waste the crisis. We undertook a full audit of all technology foundations and security protocols, including all system access. A systematic review was under-taken. A series of clear practical improvements were identified and once implemented the business was stronger and more resilient.

My conclusion from this is to avoid the stress. Despite all the excitement around Ai do not forget the basics too. As a business leader, people are your biggest asset and your biggest risk.  

Back

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is mandatory

This field is mandatory

This field is mandatory

There was an error submitting your message. Please try again.

Security Check

Invalid Captcha code. Try again.

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.