Last month, a production firm in Limburg fell victim to cybercrime. A professional hacker demanding €60,000 halted production for several days, costing the firm in question tens of thousands of euros.
The hacker acted very professionally. Using malware, he sent a cryptolocker to encrypt the affected company’s files. In no time, their production system went down. Gerrit Mets, cyber expert at Vanbreda Risk & Benefits, explains: “Malware is a common, targeted type of hacking which disrupts computer systems. A hacker uses malware to send a cryptolocker to encrypt a few crucial files belonging to the firm in question. The hacker then approaches the firm, demanding a ransom in Bitcoins.”
This powerful hack was a big financial blow for the company concerned. Several days’ production were lost, dozens of employees were sent home and software experts had to be brought in to clean up the computer system and get it back in working order. Additionally, management decided to play it safe and paid part of the €60,000 ransom, without results.
According to Gerrit Mets, the days when hackers only attacked large companies with enormous databases are truly over. “SMEs are popular victims, as their budget for the construction of a security policy is limited.”
It is also worth noting that cybercriminals appear to be playing increasingly frequent attention to production companies. Although that’s no coincidence, according to Gerrit Mets.
“The most important concern when designing a production machine has always been the continuity of the work process. Until recently, little attention was paid to security aspects, as these machines were not connected to the internet. However, thanks to the rapid evolution of technology, these days production machines often do communicate with the outside world, without sufficient security measures in place. This provides a sort of digital playground for hackers, enabling them to ruin an unprotected production firm financially.”
You can never completely eliminate cybercrime, but you can certainly guard your firm against it. Besides the necessary preventive measures, you can also alleviate financial repercussions through a cyber policy. Cyber policies may be adapted to the customer’s needs. Coverage is possible for:
extortion: reimbursement of ransom payments for cyberextortion;
forensics costs: e.g. fees for ICT consultants;
data retrieval: e.g. the costs of recovering encrypted data;
business interruption: compensation for the firm’s inactivity;
liability: in the case of violations of privacy, compensation for paid claims and legal costs;
crisis management: costs related to restoring reputation and managing a cyber crisis, e.g. fees for PR consultants.