
Held to ransom: First-hand advice on preventing cyber attacks

Business smarts


In this first-hand account of surviving a ransomware attack, Martin de Gouw of Clyne & Bennie Plumbing recalls the disruption it caused, and warns other businesses not to be complacent.

AUTHOR: MATTHEW LOWE

Martin de Gouw says he scoffed at the idea of taking out cyber insurance for his plumbing company when the suggestion was first pitched to him a number of years ago. But the Managing Director of Christchurch-based Clyne & Bennie was grateful he eventually plumped for a policy when a year later the business fell victim to a ransomware attack.

The incident happened about six years ago and saw a number of the company’s files locked up and the hackers demanding 325 bitcoin, which Martin says was “probably equivalent to about $300,000”, to restore the data. Clyne & Bennie was able to recover the affected files from a back-up and did not pay out any ransom. However, it led to a number of IT changes to minimise the risk of falling victim to any future attack.

Risks are real

Lessons learned

“It highlighted to us that your IT systems need to be reviewed independently by external parties periodically to make sure they are working as well as they should,” explains Martin. “The cyberattack effectively locked up our document store but we managed to restore from our back-up. We were lucky they didn’t get into our operational database and job management files.

“The whole thing was very disruptive. We had to rebuild the server, which they corrupted, and then we had to bring all the data back. We also claimed on our first cyber security insurance policy that we had only taken out about a year before.”

Martin adds the cyber insurance claim paid out about $15,000, which included paying for the time it took technicians to restore the corrupted files. Clyne & Bennie now has multiple back-ups of its files, he says. These include a live replication of its system to another server, cloud back-up for the server and a hard disk back-up that is taken off site.

Martin warns other businesses not to be complacent about the risk of a cyberattack and to take the matter seriously. “When we first got asked about taking out cyber insurance, I thought, ‘Really? We’re a little plumbing company.’ But what happened—and has also happened to others—shows that any system can be a target, so it pays to get the right protections and back-up in place.”

Martin de Gouw, Managing Director of Clyne & Bennie, says the company now has multiple file back-ups and gets regular external audits of its IT systems.

IT experts have developed improved prevention mechanisms over the years but the criminals behind ransomware attacks have also upped their game. A ransomware group known as LockBit 2.0 claimed to have attacked three small and mid-size New Zealand businesses in August this year.

Tuffnell Plumbing, Drainage & Gas, based in Nelson, was also targeted by a phishing attack in 2019, which resulted in $80,000 effectively disappearing from the company’s accounts in an instant. Chris Downey, Managing Director, says hackers sent a phishing email to the company’s offices advising its administration staff a password reset was required for its Microsoft Outlook accounts. “Unfortunately, we inadvertently welcomed them in,” he says of the breach.

The business did not have cyber insurance at the time but has since taken out cover, has put staff through IT security training and introduced two-stage authentication processes on all its devices.

CYBER INSURANCE

Any business with a website, computer, email address, phone or Eftpos terminal is at risk of an attack on its data or network security. Cyber insurance can help businesses manage and recover from a cyber liability, such as ransomware, a virus, malware infection, DDoS (distributed denial of service) attack, or loss of data and privacy breach. Policies can cover:

Loss of business income

Forensic costs to determine the extent of the event

Extortion costs incurred in the threat of an event or a ransomware assault

Costs to restore the network

Costs to replicate/replace lost data

Public relations costs to minimise reputational damage

PREVENTATIVE STEPS

Cybercrime is a lucrative activity that is predicted to rake in more than $10 trillion annually by 2025.

Ray Stanion, Business Development Manager at Oxygen IT in Christchurch, says there is a ransomware attack happening somewhere in the world every 11 minutes.

He stresses that New Zealand is not immune to cyberattacks and people need to take preventative action because “criminals are relying on your apathy”. His top tip for business owners is to educate themselves and their staff about the problem and talk to their IT provider.


Stanion’s other key advice is to get a cyber security assessment done to establish your exposure, address those areas, and repeat this annually. He says companies also need to consider the potential impacts of an attack, such as being without computer systems for days or weeks, and the value of their data, which will be equal to their revenue.

Oxygen IT recommends clients look at 15 areas to protect data and minimise the risk of becoming a victim of cybercrime. These include spam email, passwords, security awareness, multi-factor authentication, mobile device security, firewalls, encryption and back-ups.

“Hope is not a strategy and businesses need to be aware that this problem is real,” adds Stanion. “The most effective prevention is awareness and education.”

Train your team

Leanne Cook, a Group Broking Manager for Crombie Lockwood, says cybercriminals are increasingly targeting tradespeople, as the businesses have large funds passing through accounts and, potentially, people who aren’t as computer savvy managing those transfers. She adds that better staff training around cybersecurity is vital and the peace of mind that cyber insurance can provide “is something we can’t stress to our clients enough”.

Chris Downey of Tuffnell Plumbing, Drainage & Gas talked to Leanne Cook of Crombie Lockwood about cyber insurance, having learned the hard way about phishing attacks. Credit: Crombie Lockwood
