How a hacker nearly cost Gillian Franklin her $130 million business
Heat Group managing director Gillian Franklin was in London last year when a text message from a staffer sent her world into a tailspin.
The $130 million wholesaling business had come to a
screeching halt, placed behind lock and key after a hacker infiltrated its
systems in a ransomware attack.
Almost everything was captured, including 20 years of sales
history, payroll and employment details, customer trading terms and archived
creative work.
The business, unable to process, ship or pack orders, was
incapacitated.
“It was like someone slapped you really hard across the
face,” Franklin tells SmartCompany.
“You get this big shock, it hurts, then once you’ve
recovered from that you think, ‘oh my god, how do I go into defence mode?’”
Franklin had two options. Attempt to pay a USD$40,000
Bitcoin ransom on the promise all her business's files would be decrypted and
handed back, or bring in a team of IT specialists and attempt to recover the
data.
The stakes were high. Heat Group is one of the most
prominent cosmetics wholesalers in Australia, distributing well-known brands
such as Cover Girl and Max Factor to 7,000 business customers.
Not being able to trade ended up costing the business $2
million over five days, but beyond that, Franklin says it would have been
difficult for the company to continue operating unless the data was recovered.
“I’d been robbed. It’s like they tore the heart of my
business,” Franklin says.
“If you have no data, if you have no sales history … how do
you run a business if you have no information?
“If we had taken months and months to recover, we may not
have got through.”
Deciding to pursue both recovery and ransom payment
simultaneously, the business owner brought in PriceWaterHouse’s cyber security
department to assist her own team in unencrypting whatever files they could.
What followed were four days of around-the-clock work to get
the business into a position where it could trade again, and a month before the
whole business was back.
Four weeks after the hack, just as the business finalised
its recovery, the United Kingdom’s Cyber Security Centre reached out to
Franklin, saying they had written to Australia’s Department of Defence about
the hacker, who had been linked to a range of other attacks.
Franklin learned her company’s files had all been sold on
the dark web for USD$3,500 ($4750).
“They could see from their monitoring this hacker had
attacked 15 other companies in Australia, one of which was us,” Franklin says.
Franklin’s serial hacker is just one of many preying on
Aussie SMEs in our increasingly digitised world.
In a world where governments are funding their own armies of
hackers to wage digital wars with one another, small businesses are more
vulnerable than ever to cyber security attacks.
Australian businesses are losing an estimated $29 billion
every year to cyber security incidents, according to data published last month
by the federal government’s Australian Cyber Security Centre (ACSC).
But attitudes about cyber security are still falling
drastically short, with ACSC survey data also indicating almost 50% of
businesses cannot or will not spend more than $500 on IT security each year.
Franklin never thought she would be the victim of a cyber
attack either… until it happened.
Now the business owner has a simple message for other SMEs:
you could be next.
“It would be very naive to assume it couldn’t happen to
you,” Franklin says.
“If these hackers can get into these major organisations and
government departments, they can get into your business.”
“Do not underestimate the damage that can be caused,”
Franklin says.
Protect your business: Gillian Franklin’s advice
It’s difficult to characterise losing $2 million in trade as
lucky, but Franklin still has her business.
The business owner worries others won’t be as fortunate, and
is urging SMEs to take immediate steps to protect themselves.
It’s about when, not if, Franklin says.
“We need a fundamental shift in how businesses are run
today. Years ago you would have never had [cyber security] in your business
plan,” Franklin explains.
So what can companies do to protect themselves? Having gone
through it, Franklin has some advice for SMEs, saying the most important thing
is having a plan in the first place.
Adopt a philosophy of constant and diligent risk mitigation;
Implement two-step authentication on all technology;
Constantly send your team phishing emails as a resilience test;
Ensure all your documentation is up to date, including procedures and protocols;
Back up your entire business on a secure cloud-accessible server;
Purchase cyber security insurance (business disruption won’t cover cyber attacks); and
Ensure all software is kept up to date.
“If you are unfortunate enough that this happens, you can
waste a lot of time not knowing where to start,” Franklin says.
“Have all those draft emails to stakeholders ready now, so
if it does happen, you can have a quick turnaround.”