It’s October, it’s Autumn, Friday the 13th is this month and Halloween is fast approaching. Most importantly though for us here at Launch 22 we’re celebrating our member of the month! This month we’re excited to shout about our member David Ollerhead from the cyber security consultancyDigitalXRAID (DXR). I sat down with David this week over a cup of coffee at our Liverpool office space and asked him some questions about his involvement with DXR and his experience while at Launch 22.
I started by asking David about how he got involved with DXR. David says that in his previous position he was involved in a professional manor with DXR and that “they liked the way in which I dealt with them, and asked me to join” so eventually this year David joined the company as their Business Development Manager.
I then went on to pick at David’s brain about what it is DXR offer clients.Prior to meeting David, I had visited DXR’s website and came across phrases like ‘social engineering’ and ‘penetration testing’. ‘Social engineering’ had reminded me of a YouTube I had watched about hacking one late night, but that was the extent of my knowledge on the matter so I was eager to listen to what David had to say.
We started by discussing social media. The concept that social is media is a part of a lot our lives and that we need to be conscious about what we’re posting is nothing new for most. We know that it’s probably not a good idea to take a photo of the outside of our house, street name and address in full view and then caption it ‘we’re all going on holiday for two weeks!’ — a scary concept and not a good idea. However, if you imagine the house was a multi-million-pound company and instead of someone breaking in and stealing your television it was hackers gaining access to the companies accounts or client information, the odds then get significantly higher!
What attackers can do utilising social engineering is to use social media platforms like LinkedIn, Facebook and Twitter to build profiles on their targeted company’s employees. What this means is that an IT technicians page on LinkedIn can give information on software that they are a specialist in, this then can help hackers in deducing what types of software the company utilises. Furthermore, an attacker can target and build a profile on a particular employee of a company in a department they would like to access.
“For example, a hacker may target the accounts department of a company, and has identified through social engineering that “Dorris” in accounts enjoys her shoe shopping from a particular retailer. If a legitimate looking email is created and sent to Dorris offering 50% off her next purchase and she follows the link enclosed…boom goes the dynamite. Clicking on the malicious link would instantly infect / compromise the company’s entire system with Ransomware or remotely executable code.”
I get the feeling I’ve only reached the tip of the cyber-security-iceberg, but from what I can surmise DXR simulate methods that ‘the bad guys’ use to infiltrate a company’s systems, providing client’s with a thorough risk assessment of their current security posture. From there DXR advise on how to mitigate and remediate the risks / vulnerabilities identified.
David then went on to explain another extreme engagement they can provide called Red Teaming. DXR will send an employee to a company’s offices to attempt to gain access to the building, furthermore a company’s IT assets / server room / an employees workstation. I got this very excited about the method as to me it sounded like real-life spy work.
I then move on to ask David about his time at Launch 22 and his feelings about working in a cooperative office environment. David tells me that it’s great to be around driven people in an amazing environment with everyone working towards their goals day to day. David goes on to cite a benefit of working in a cooperative environment being that the discussions you have with people can be very informative for both parties.
“There’s people in the creative / technology industries here and it’s great to make them think twice about the way they’re designing systems”.
Wrapping up our discussion I ask David if DXR has reached any milestones while being part of Launch 22. David informs me that they have recently gained a large client in the North West of England, after only eight days of DXR trading out of Liverpool, I may add! To finish our discussion David tells me that they’re currently planning an event for next month. The event will invite businesses along for free to raise some data protection issues (GDPR) — particular thanks to Alex Clark from Professional Liverpool network for their help organising so far.
by Bradley Welch Harley