A Real-World Ransomware Attack: Why Even Security Companies Need Better Cybersecurity

They provided security systems for others. But when it came to their own IT setup, that’s where things fell apart…

This cautionary tale from 2020 is still painfully relevant—and a stark reminder of why up-to-date infrastructure, working backups, and proactive protection matter more than ever.

It’s not always the banks, councils, or tech giants that fall victim to cyberattacks. Sometimes, it’s the very companies tasked with protecting others.

Back in 2020, a physical security company (name redacted), specialising in CCTV, door entry systems, and access control, suffered a ransomware attack that nearly ended their business. Despite offering protective solutions to others, their internal IT was running on an unsupported version of Windows Server 2012. No patches, no threat detection, and critically – no working backup.

The attackers used a long-known vulnerability in Remote Desktop Protocol (RDP), a weakness Microsoft had addressed years earlier. But this server hadn’t been updated. Within hours, the company’s files were encrypted and exfiltrated. The ransom note arrived with a deadline and a threat: pay, or the stolen client data – including floorplans and system configs – would be released publicly.

“This is exactly the kind of breach that makes clients nervous,” says Mark Williams, Senior Client Relations Manager at b2b (Personic is part of the b2b Group). “You think your data’s protected because you trust the people you’ve hired – but if their own systems aren’t up to scratch, everyone’s exposed.”

The company’s last reliable backup was several years old. The director had assumed backups were running in the background, but they’d never been tested. When disaster struck, there was no quick recovery option. They chose to pay the ransom.

The decryptor provided was partial and unstable. Some files returned, many didn’t. Worse still, the attackers returned days later with another demand, threatening to publish the stolen data if they didn’t pay again.

The breach had wide-reaching consequences. Projects were delayed. Clients questioned whether their own systems had been compromised. Years of brand trust vanished in weeks.

According to the UK Government’s Cyber Security Breaches Survey 2023, 32% of businesses reported experiencing a cyberattack or breach in the past 12 months. Among medium-sized businesses, that figure rises to 59%, with phishing and ransomware among the top threats.

“We still see SMEs running business-critical infrastructure on out-of-support systems,” says Mark. “And backups? Often they’re just assumed to be working, when they haven’t been tested in years. That’s where these stories start.”

This case—while a few years old—remains painfully relevant. Many businesses still rely on legacy systems and have backup strategies based on hope rather than evidence. Cybercriminals know this and are actively looking for soft targets.

It’s a reminder that physical and digital security must go hand in hand. Patch management, endpoint detection, regular backups, and user training aren’t just “nice to haves”—they’re critical. Especially for companies whose reputations are built on trust.

This case is a reminder of what’s at stake:

  • Unpatched systems are open doors.
  • Backups are only useful if they’re tested and recent.
  • Reputations take years to build—and moments to lose.

What You Can Do

This could have been prevented with:

  • Active patch management
  • A working backup strategy
  • Threat detection and response (EDR)
  • Regular cybersecurity audits

It’s easy to assume your setup is “probably fine” – but in cybersecurity, assumptions can be costly. Personic works with small and medium-sized businesses to keep systems current, secure, and resilient—without disruption. If you’ve not reviewed your security setup in a while, now’s the time.