What happened when a recruitment agency was hit by ransomware? It was as simple as a junior member of staff clicking on a malicious link in a bogus email. Article from Sarah Adams, cyber risk specialist at business insurance broker – PolicyBee.
You know the emails, they mimic the kind of emails you’d normally expect in your inbox. Only hidden behind that innocent-looking link is a gang of cybercriminals with their eye on your data and your cash. Once the fatal click had been made, all hell broke loose. That’s because it opened a portal for the cyber gang to download ransomware onto the hapless junior’s PC…which then quickly spread across the entire network.
Cue carnage. All the agency’s files encrypted. The website down. The potential for a large amount of sensitive personal data to be stolen. And a ransom demand for £1,500 in bitcoin to reverse the damage – doubling to £3,000 if not paid within 48 hours.
Clear & present danger
Not such an unusual scenario unfortunately, because cyber-attacks are steeply on the rise. In fact, ISP provider Beaming claims UK businesses had to fend off around 65,000 internet-borne assaults each in the second quarter of 2016. And every minute the agency’s systems were paralysed, it was losing money. No one could see the vacancies on its website. Advertisers were irritated by their lack of exposure. And meanwhile, other recruiters were creaming off all the best candidates.
So, what to do? Should they just pay the ransom, put it down to experience, and try to get back to business as usual? Ransoms are tricky though. Let’s not forget it’s criminals we’re dealing with here. So, there’s no real guarantee they’ll decrypt your files and restore your website once you’ve paid up – even if they say they will. Plus, blackmailers have a horrible habit of coming back. If they clock you as an easy target who’ll routinely pay out, they may try to hold your business to ransom again a little further down the line.
Double the trouble
Anyway, it wasn’t just the ransom itself that our recruitment agency had to worry about. Or the business paralysis, the lost revenue, and the lost goodwill from clients and customers alike. There was also the technical side of things to sort out. Just how much physical damage had the attack done to its IT infrastructure? And what about the small matter of all that data…all those personal details it held on its database?
Data breach is a serious issue. If the cyber gang really had stolen personal info, it could be the start of some heavy-duty identity theft and money laundering.
That’s why the Information Commissioner’s Office (ICO) likes to be kept in the loop for data breaches and may order an investigation. It can even impose fines if it thinks security was lax – fines that are going to get a whole lot steeper when the new General Data Protection Regulation comes in next May. There are other complications with data loss, too. Anyone affected must be informed. And if they say the breach has caused them harm, they can sue for damages. That means lawyers, legal costs, compensation pay-outs, and a whole lot of stress. Expensive and time-consuming, then.
So, it’s just as well that our recruitment agency had taken out cyber insurance to guard against the kind of alarming situation it now found itself in. A quick call to the broker set the following chain in motion. An experienced negotiator assessed the situation and decided not to pay the ransom. After contacting the hackers and talking to them in their own language, he took the view that they couldn’t really be trusted.
Besides, the recruitment agency had done a pretty good job of backing up its data. There was a full back-up from the previous evening, which meant systems could be restored with only a minimal amount of data lost.
An IT forensics team then got to work, repairing systems and networks, reloading software and data, and generally getting everything more or less back to normal. After four days, even the website was back up and running. The forensics team worked out that personal data had in fact been syphoned off, so everyone impacted had to be told. The insurance provided for a contact team to track down everyone affected, as well as to inform the ICO and deal with their enquiries.
The data loss also provoked a handful of lawsuits that the insurance took care of by providing legal expertise, paying all costs and covering compensation. Importantly, the recruitment agency had been losing money hand over fist in the days after the attack. Income was way down, while getting things back to normal took about a week in all. Cyber insurance helped by covering the revenue shortfall.
The point about cyber-attacks is that they’re many, they’re various, and their consequences can be devastating. Of course, you should do everything you possibly can to stop threats getting through by having the best possible security in place.
But sometimes, an attack will find its way past your defences and onto your systems anyway, despite your very best efforts. So, it’s important to ask yourself what kind of a position you’d be in to pick up the pieces afterwards.
Speed of recovery is crucial if your business isn’t going to take a very hard knock – one that, potentially, it might not recover from. So, try answering these questions:
Do you have a clued-up IT department that can deal with the technical side of things quickly and efficiently – getting your business back to normal as soon as possible?
Are your financial reserves sufficient to cope with IT expenditure, legal costs, claims for compensation, and possible regulatory investigations and fines? Do you also have the expertise and time to deal with it all? Is your bottom line buoyant enough to withstand a hefty hit in terms of lost business and lost revenue while you can’t trade as normal? If not, it might be time to consider some cyber insurance.