How to recover from a cyber-attack
by Sarah Adams, Cyber Risk Expert, PolicyBee
October 23 2017
Ever been fooled by a bogus email?
You know - the ones that look like the kind of email you'd normally get in your inbox. Only if you look closer, there's a grammar mistake and the logo's not quite right?
Trouble is, sometimes you don't look closer, and you click on the link in the email anyway - just like they invite you to. And hidden behind that link is not what you expected, but a gang of cybercriminals bent on stealing your data and your cash.
Finger clickin' bad
That's what happened recently to a shocked member of the team in a recruitment agency specialising in accountancy personnel. He clicked...and his screen went black before a message popped up demanding £1,450 in bitcoin.
Here's why. The clicked link opened a gateway that the hackers exploited to infect the victim's PC with ransomware. That ransomware encrypted all the files on his PC, and then replicated itself across all the other computers on the network.
Cue havoc. The agency ground to a halt as its IT went into lockdown and its website disappeared from view.
Worse, the threatening ransom message said the amount demanded would double within 24 hours if no payment was made. And after another 24 hours, all data on the agency's systems would be wiped.
What to do, then? With its website and systems down, the agency couldn't do business and was losing revenue. On top of that, clients were complaining that no-one could see their adverts. And other recruiters were creaming off all the top candidates.
The other worrying thing was that the agency stored a large volume of personal data. All sorts of confidential details about its candidates were stashed on its systems - info that the cyber criminals could potentially syphon off and use for identity theft.
The agency was in a bind. It simply didn't have the cybercrime savvy or the technical expertise to deal with a situation like this. And all the time it was doing nothing, it was losing money.
So, should they just pay the ransom and put it down to experience? What if personal data had already been stolen? And what if hardware, software and systems were damaged beyond repair?
At times like this, you need a plan. A plan that addresses not only the technical side of the problem, but a whole lot of other stuff, too. Things like lost revenue, data breaches, compensation claims, official investigations, reputational damage...the list goes on.
Handling all that is 1. time-consuming and 2. expensive. Plus, if you haven't got the know-how within your business (and most, bar the very largest, don't), then you need to buy in the expertise.
It's lucky then that the stricken agency already had a plan in place. A plan called 'cyber insurance'. A call to the broker kick-started its recovery.
A forensics team arrived to crawl all over the agency's systems and work out the damage. Meanwhile, an experienced hand set about investigating the ransom situation.
She decided the criminals behind the ransom couldn't be trusted to restore the encrypted files even if money changed hands. She also thought there was a risk they'd come back for more. So no ransom was paid.
The technical team discovered the need for quite major repairs to both hardware and software, and organised stand-in kit so the agency could continue trading. Software was reinstalled, systems were re-built and data was reinstated from the previous evening's back-up.
At this point it became clear that personal data had been stolen and people's private information was in the hands of criminals. The insurance took care of informing each of the affected individuals, credit monitoring and also keeping the Information Commissioner's Office (ICO) in the loop.
The result was several claims for damages against the agency. The insurance stumped up for legal expertise to fight the agency's corner, and also covered all legal costs and compensation.
As it turned out, the ICO decided not to mount a full investigation or fine the agency, but the insurance made sure they were kept up to speed with events throughout. The insurance also paid for a PR campaign to help restore the agency's dented reputation.
It took a week or so before the agency was properly up and running again, with its website reinstated. And all the time it wasn't able to trade as normal, its bottom line was suffering badly. Cyber insurance covered the lost revenue.
So, recruitment agencies should plan to have a plan. If you're hit by a cyber-attack, you need to have the means to get yourself back up and trading again as quickly as possible. Otherwise, there's the potential for a catastrophic blow to your revenue stream.
If you've got a large IT department you can rely on for a rapid response, as well as a crack legal team to deal with ransoms, claims and regulators, then you might be in a position to cope with a cyber-attack. You'll also need a financial cushion to soak up the additional expenses and reduced revenue.
If not, you'll need a solid plan B...which is where cyber insurance comes in. It provides a valuable response in the wake of an attack and helps get your business back up on its feet fast. It's a life raft in what can be a very costly and potentially business-threatening sea of cyber troubles.